Penetration Tester (Middle) at KPMG — NeverHard

We’re seeking a skilled and motivated Middle Penetration Tester to join our Cybersecurity team in Astana/Almaty and support clients in identifying and addressing security vulnerabilities. In this role, you’ll participate in penetration testing engagements, assess organizations’ security posture, analyze potential threats, and help develop effective remediation strategies for clients across industries, including financial services and public sector. As our Middle Penetration Tester, you will: Conduct penetration testing activities to identify vulnerabilities and assess the effectiveness of clients’ security controls. Perform security assessments of technical infrastructure, including host-based log analysis and network analysis to identify potential compromises. Analyze security testing results and provide recommendations for remediation of identified vulnerabilities. Support the development of clear and comprehensive security assessment reports for clients. Participate in cybersecurity projects, collaborate with team members, and contribute to improving clients’ information security posture. Required qualifications: A Bachelor’s or Master’s degree in Information Technology, Cybersecurity, or a related field. 1+ years of relevant experience in penetration testing, application security, cybersecurity consulting, or related areas. Knowledge of Windows, Unix/Linux, TCP/IP, IDS/IPS, and web content filtering technologies. Fluency in English (written and spoken). Preferred qualifications: An understanding of IT General Controls and cybersecurity frameworks (e.g., NIST Cybersecurity Framework, ISO 27001). Experience with at least one object-oriented programming language (Python, Ruby, Java, etc.). Hands-on experience with cybersecurity learning platforms such as Hack The Box, TryHackMe, or PortSwigger. Experience participating in Capture The Flag (CTF) competitions. Relevant certifications such as OSCP or CPTS.