We are ktsa – kpmg technology services americas.
a service delivery center of kpmg us, with offices in mexico city, guadalajara, and a growing network of remote talent across the country. We deliver high-value technology, consulting, and corporate support services to kpmg us and its clients.
at ktsa, our employer value proposition is clear: explore.
explore isn't just a word — it's how we grow, lead, and thrive. It's the mindset that drives our culture and shapes every opportunity:
* experience a collaborative, inclusive, and multicultural workplace where you belong.
* excel by creating impact and leaving your mark on global projects.
* expand your potential with real career paths, learning programs, and mentorship.
* express your individuality — come as you are, and thrive as your authentic self.
and because we know that thriving at work also means thriving in life, we back this mindset with ktsamás, our total rewards program, designed to support your well-being, goals, and personal milestones.
responsibilities and qualifications:
job summary
* the role acts as a primary liaison between application development teams and cyber security to ensure security requirements are effectively integrated throughout the software development lifecycle (sdlc).
* key responsibilities include providing subject matter expertise in software security, secure coding practices, sast/dast/sca tooling, devsecops integration, and guiding remediation efforts.
* the individual will collaborate with relevant stakeholders to review, interpret, and update cybersecurity policies and standards as business and technology needs evolve.
* perform and oversee secure source code reviews and application security testing using sast, dast, sca, and iast tools.
* conduct information security risk assessments aligned with internal standards and industry frameworks.
* collaborate with development teams to embed secure coding practices and integrate security into agile and waterfall delivery models.
* support ci/cd onboarding for security scanning tools and provide interpretation of scan results and remediation guidance.
* analyze vulnerabilities across source code, configurations, and open‐source components, and recommend actionable mitigation steps.
* serve as a primary point of contact between cyber security and application teams to support timely risk remediation.
* apply knowledge of application architecture, software design, and secure development principles to assess and communicate risk.
* lead small initiatives and provide technical mentorship to junior team members.
* stay current on emerging threats, vulnerabilities, and best practices in application security.
* partner with stakeholders to review, update, and continuously improve security policies, standards, and procedures.
qualifications
education
experience
* 2+ years of experience in cybersecurity or secure software development.
required experience
* hands‐on experience with secure code review, vulnerability analysis, and security assessments across .net, java, python, or similar languages.
* expertise with sast and sca tools. (2 years or above)
* experience implementing secure ci/cd practices using github enterprise, azure devops or any other source code management platform. (6 months or above)
* proficiency in secure code remediation.
* experience integrating and managing security workflows within github and azure devops. (6 months or above)
* english proficiency, strong communication, analytical, and decision‐making skills.
knowledge & skills
* strong understanding of secure sdlc, application security, and devsecops principles.
* deep knowledge of web applications, apis, and server‐side architectures.
* ability to clearly communicate vulnerabilities aligned with owasp top 10 and cwe/sans top 25.
* ability to review, interpret, and apply cybersecurity policies, standards, and control requirements.
* experience with tools such as fortify sca/ssc, webinspect, mend, github advanced security, azure devops security tooling, and microsoft defender for devops a plus.
* ability to influence development teams and support junior staff development.
preferred certifications
* sans gwapt/gweb or equivalent certifications a plus.
expand your possibilities with ktsa through ktsamás, where you can access:
* extended maternity, paternity, and adoption leaves
* learning opportunities, training, and certification programs
* extended marriage leave and daycare support
* wellness and employee assistance programs (eap)
* comprehensive medical plan, life insurance, car insurance, and funeral assistance
visit www.ktsa.com.mx to learn more.
at ktsa, we celebrate and support everyone's individuality. We do not discriminate against any race, religion, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, or disability. We are supportive of helping you to achieve a balance between your home and work demands. We are happy to discuss specific requirements and our range of flexible working arrangements could be of interest. Please ask to find out more. We strongly state that we do not require a certificate of non-pregnancy or hiv in order to participate in any of our processes.
explore ktsa, we dare to be different!
home - ktsa
ktsa - kpmg technology services of americas
#j-18808-ljbffr