KPMG India

KPMG Global Services - Web PT - Consultant

This job is no longer accepting applications

  • Posted 6 months ago

Job Description

KPMG Global Services

KPMG Global Services (KGS) was set up in India in 2008. It is a strategic global delivery organization, which works with more than 50 KPMG member firms to provide a progressive, scalable and customized approach to business requirements.

The KGS journey has been one of consistent growth, with a current employee count of nearly 10,000 operating from four locations in India (Bengaluru, Gurugram, Kochi and Pune), providing a range of Advisory and Tax-related services to member firms within the KPMG network.

As part of KPMG in India, we were ranked among the top companies to work for in the country for four years in a row by LinkedIn, and recognized as one of the top three employers in the region for women, as well as for policies on Inclusion & Diversity by ASSOCHAM (The Associated Chambers of Commerce & Industry of India).

Furthermore, as KPMG in India, we were recognized as one of the Best Companies for Millennials at The Millennial Max Conference 2019 presented by The LNOD Roundtable as well as the Great Indian Workplace at the Culture Summit and Great Indian Workplace Awards 2019.

Location : Bangalore

Roles & responsibilities :

  • Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
  • Perform manual security code review against common programming languages (Java, C#).
  • Perform automated testing of running applications and static code (SAST, DAST).
  • Experience in one or more of the following is a plus: AI pen testing.
  • Work with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux.
  • Able to explain IDOR, second-order SQL injection and CSRF vulnerabilities, their root cause and remediation.

Educational qualifications :

Masters (preferably in computer science or MCA) and/or B.E. / B. Tech (from a reputed University).

Work experience

4-8 years of post-qualification experience with strong working knowledge of manual security code review.

Mandatory technical & functional skills:

  • Strong knowledge of manual secure code review against common programming languages (Java, C#)
  • Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent.
  • Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs
  • Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations.
  • Preferred one year of experience in development of web applications and/or APIs.
  • Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand.
  • One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA

Other information:

Interview process: Please expect 2-3 rounds of interview

Does the job role involve travelling: No

Does the busy season apply to this role: Seasonality of the work is dependent on the projects/ deliverable timelines

Job ID: 113550495