.. and Security Protocols Experience in ISO **/PCI Audits / implementation and Infra / IT Security Audit Experience in Infosec Awareness Program GRC (Governance, Risk & Compliance) Management Qualifications Is Education overrated? Yes. We believe so. But there is no way to locate you otherwise. So we might .. read more
About KPMG in India KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.Function: IT Advisory, Risk Consulting- Cyber Defense- Ethical Hacking >> OVERVIEW KPMG is a global network of professional firms providing Audit, Tax and Advisory services. We operate in 156 countries and have 152,000 people working in member firms around the world. KPMG in India, a professional services firm, is the Indian member firm of KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets and competition. KPMG in India provide services to over 4,500 international and national clients, in India. KPMG has offices across India in Delhi, Chandigarh, Ahmedabad, Mumbai, Pune, Chennai, Bangalore, Kochi, Hyderabad and Kolkata. The Indian firm has access to more than 7,000 Indian and expatriate professionals, many of whom are internationally trained. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Consulting, Management Consulting and Transactions & Restructuring services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. With increasing regulatory requirements, the need for greater transparency in operations, and disclosure norms, stakeholders require assurance beyond the traditional critique of numbers. Hence assurance is being increasingly required on industry issues, business risks and key business processes. The Governance, Risk & Compliance Services practice assists companies and public sector bodies to mitigate risk, improve performance and create value.We assist our clients to effectively manage business and process risks by providing a full spectrum of corporate governance, risk management, and Compliance Services. These services are tailored to meet client's individual needs, and provide effective support to management in meeting the challenges and opportunities presented by today's complex business environment. Our professionals provide the experience to help companies stay on track and deal with risks that could unhinge their business survival. Our services enable clients to effectively co-ordinate their key growth, quality and operational challenges and working in partnership with us, clients have the benefits of KPMG's experienced, objective, and industry-grounded , BCA, MCA, BSC, MSCPreferred Certifications: CEH, ECSA, OSCP, CISSP, CCSK, OCSE, CCSP, AWS SecurityWork domains- Cyber security assessments- Red Teaming- Security architecture design- Infrastructure and application security assessments- Vulnerability assessment and penetration testing - Security reviews of traditional IT and non-IT network environments including Telecom and OT networks- ICS Security- IOT Security- API Security TestingEqual employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you. Following are some of our key service offerings in Cyber Defense:Vulnerability Assessment and Penetration TestingWeb ApplicationMobile ApplicationWeb Service / APIDesign of API schemas and threat modellingUnderstanding of JSON, XML, XSD's for messaging patternsWorking knowledge of REST APIs, GraphQL and API design practicesExperience with any of the API PaaS (Mulesoft, APIGEE, Azure) solutionsAPI versioning mechanismsAPI security mechanisms, Authn and AuthzInfrastructureScenario Based AssessmentAPIWeb ApplicationInfrastructureJob DescriptionExperience: 5+ years with at-least 2-3 years in client facing advisory consulting role and managing a medium sized teamPreferred Certifications: CEH, ECSA, OSCP, CISSP, CCSK, OCSE, CCSP, AWS SecurityDesired skill set:1. Strong understanding of IT security standards and frameworks (OWASP, NIST, CIS)2. Strong understanding of security risks in networks and application platforms3. Strong understanding of network security, infrastructure security and application security4. Strong understanding of OSI, TCP/IP model and network basics5. Demonstrate technical penetration testing skills on IT infrastructure, web applications, mobile platforms and Red teaming6. Strong technical skills: Information security, network security, Windows security, UNIX/Linux security, web and mobile application security, Cloud platforms7. Broad knowledge of security technologies for applications, databases, networks, servers, and desktops8. Solid technical skills in both information security architecture and penetration testing and ability to assess testing tools and deploy the right ones.9. Scripting and programming experience is beneficial10. Ability to perform manual penetration testing11. Experience in Application Security Testing (Web, Mobile & ERP [SAP]), or related functions Vulnerability Assessment, Penetration testing12. Perform penetration testing of various thick client software, web applications, and communications infrastructure to assist in hardening the cybersecurity posture against malicious actors13. Conduct security research on the latest emerging advanced persistent threats (APTs), malware, and other security developments to assist in enterprise security efforts. Apply this security research into assessments.14. Perform technical writing to communicate the preparation, testing, and recommendation phases for various security tests. Work with stakeholders to remediate system vulnerabilities.15. Train team members and colleagues on the latest cybersecurity tactics, techniques, and procedures (TTPs) to grow the skill of the firm16. Understanding of various security technologies including end point security, perimeter security, advanced threat protection, malware defense and security management17. Expertise in the phases of penetration testing. Familiarity with Kali Linux distribution and the associated penetration testing tools suite. Experience in penetration testing simulations like Hack the Box or Capture the Flag exercises considered a plus.18. Good Understanding of OWASP top 10 and mitigation techniques19. Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, Security Misconfiguration, CSRF, authentication/ authorization issues20. Database testing: MySQL, Oracle, NoSQL21. Understanding of cyber security management, cyber analytics, security intelligence platforms and threat intelligence frameworks22. Writing business proposals and response to client RFP/ RFIs23. Identifying business opportunities and lead delivery and program management for large cyber security programs24. Delivery team and client relationship management25. Experience on both commercial, open-source tools and frameworks but not limited: Burpsuite, Metasploit, Core-Impact, Kali-Linux, AppScan, WebInspect, SSLScan, Soap UI Pro, SonarQube, Qualys, Nikto, Nessus, nmap, sqlmap, OWASP ZAP