Description:
The Cyber Defense Senior Associate will work in the Cyber Defense Services (CDS) Team within our Technology Risk and Cyber practice. Cyber security is one of the areas which KPMG has identified for tremendous investment and growth. Our clients face a challenging cyber threat and look to us to help them understand and respond to that threat.
Responsibilities:
This role requires skills and experience in Red Teaming, Web Application testing, Mobile Application testing, and Infrastructure testing, and the candidate would be part of an engagement team.
- Perform manual penetration tests of websites, APIs, web services, infrastructure, networks, IoT Devices, and mobile applications to discover and exploit vulnerabilities;
- Assist technical leadership and share advice with team members on attack and penetration test engagements;
- Plan and execute offensive security engagements through penetration testing, red team operations, social engineering, physical security assessments, web application assessments;
- Perform offensive cyber security engagements simulating adversaries during red team operations, leveraging adversarial Tactics, Techniques and Procedures (TTPs);
- Evaluate the security posture of third-party integrations and partnerships;
- Translate red team engagement findings into actionable items for both technical and executive audiences;
- Converse with non-technical audiences and articulate both scoping conversations as well as report read-outs;
- Guide technical audiences on remediation options, and assist them in weighing those options;
- Partner with the Cyber Defense teams to develop new testing techniques, automation for testing and marketing collateral to support the practice;
- Document detailed steps on tools and techniques in performing tests; and
- Document lessons learnt after performing tests.
Requirements:
- Bachelor’s degree/Diploma in an appropriate field from an accredited college/university;
- The candidate must have 3 to 5 years of relevant experience in a similar role, preferably in a professional services organization;
- At least 3 years of experience using the following penetration testing tools to perform security tests:
  - Netsparker/Acunetix
  - ZAP
  - Veracode
  - Kali Linux
  - Burp Suite
  - Nikto
- Knowledge of using orchestration and automation solutions in managing campaigns and results
- Major ethical hacking certifications:
  - CEH
  - GPEN
  - CREST
  - OSCP, OSWE, OSWP
  - CREST CRT, CPSA