Associate / Senior Associate – Emerging Tech Risk & Cyber (Penetration Testing)
KPMG’s Risk Advisory practice helps bridging the communications gap between business executives and IT professionals.
Technology is a key facilitator of rapid global business growth and advancement. It is also a major source of business risk. Boards and senior executives recognise the importance of technology, but often struggle to understand and manage it effectively. Often, business executives and their IT professionals don't speak the same language.
This communication gap can lead to misunderstandings and misaligned expectations and outcomes.
KPMG’s Risk Advisory practice helps bridging the communications gap between business executives and IT professionals. Our professional assists clients to focus on fundamental business issues that help increase revenues, control costs, and identify and manage risks, including the risks inherent in the technology systems used to support business objectives. Risk Advisory Services also provides information to clients to help them meet their strategic and financial goals. Our service offerings are closely aligned to our client’s business IT lifecycle to enable focused advisory efforts at all levels of the IT spectrum.
Working as part of our security team, you will be responsible for the following:
1. Performing penetration testing and vulnerability assessment on various types of technologies, implementations and industries. These includes:
- Penetration testing using automated tools and manual techniques
- Mobile and web application penetration testing
- Network penetration testing
- Host and database assessment and security configuration review
- Wireless security assessment
- Network security architecture design review
- Source code security reviews
- Cyber security maturity assessment
2. Performing incident response and forensics investigations, which includes:
- Host and network forensics investigations
- Malware analysis and reverse engineering
- Incident response and handling
3. Developing subject matter expertise in topics related to cyber security and penetration testing
4. Researching and analyzing known penetration testing methodologies, vulnerabilities and exploits, and tools and techniques
5. Working with regional and global team members in conducting penetration testing
6. Writing reports detailing findings and recommendations, and preparing presentations and communicating with clients on the results of penetration testing
7. Conducting training and knowledge sharing with team members
- Possess strong enthusiasm and interest in information security
- Able to document technical information for executive-level reporting and presentation
- Ability to work unsupervised and within team environment
- Able to communicate effectively in both written and spoken English
- Good communication, presentation and interpersonal skills
- Independent, self-motivated, organized, and results-oriented individuals capable of handling multiple tasks and achieving tight deadlines
- Strong analytical and management skills
- Strong technical knowledge in operating systems, networking, applications, and a good understanding of security issues.
- Fresh graduate or with 1 – 2 years of relevant experience and/or basic knowledge in information security for Associate level
- 2 – 4 years of proven technical security experience for Senior Associate level
- Previous experience in system administration and application development (mobile and web) would be an added advantage
- Able to demonstrate experience, knowledge and skills in utilizing common penetration testing and vulnerability assessment tools and techniques
- Familiarity with common penetration testing methodologies such as OSSTMM, OWASP and others
- Familiarity with security industry best practices such as SANS, NIST and CIS
- Experience/understanding of networking, including port numbers, services, protocols, TCP-IP stack and OSI-Model
- Experience/understanding of security principles, policies and industry best practices.
Qualifications and Certifications:
1. A Bachelor's or Master’s Degree in Computer Science/Information Technology/Cyber Security/Engineering/any related field
2. Candidates with the following certifications would have an advantage:
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- Relevant SANS training/certifications.