Digital Trust Cyber Defense Senior

2-5 years
3 months ago 1 Applied
Job Description

About KPMG in India


Experience: 5+ years with at-least 2-3 years in client facing advisory consulting role and managing a medium sized team

Preferred Certifications: CEH, ECSA, OSCP, CISSP, CCSK, OCSE, CCSP, AWS Security

Desired skill set:

1. Strong understanding of IT security standards and frameworks (OWASP, NIST, CIS)

2. Strong understanding of security risks in networks and application platforms

3. Strong understanding of network security, infrastructure security and application security

4. Strong understanding of OSI, TCP/IP model and network basics

5. Demonstrate technical penetration testing skills on IT infrastructure, web applications, mobile platforms and Red teaming

6. Strong technical skills: Information security, network security, Windows security, UNIX/Linux security, web and mobile application security, Cloud platforms

7. Broad knowledge of security technologies for applications, databases, networks, servers, and desktops

8. Solid technical skills in both information security architecture and penetration testing and ability to assess testing tools and deploy the right ones.

9. Scripting and programming experience is beneficial

10. Ability to perform manual penetration testing

11. Experience in Application Security Testing (Web, Mobile & ERP [SAP]), or related functions Vulnerability Assessment, Penetration testing

12. Perform penetration testing of various thick client software, web applications, and communications infrastructure to assist in hardening the cybersecurity posture against malicious actors

13. Conduct security research on the latest emerging advanced persistent threats (APTs), malware, and other security developments to assist in enterprise security efforts. Apply this security research into assessments.



IT security standards
Authn and Authz
web application security assessments
web and mobile application security
UNIX/Linux security
API security testing
Cloud platforms
client RFP/ RFIs
security risks
advanced persistent threats
SQL injections
API security mechanisms
API versioning mechanisms
security intelligence platforms
threat modelling
API schemas
Security Misconfiguration
authentication/ authorization issues
application platforms
TCP/IP model
security tests
cyber analytics
API design practices
cybersecurity tactics
threat intelligence frameworks

Career Advice to Find Better