About KPMG in India
KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.
KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.
Job Description:
We are seeking a meticulous and experienced Secure Source Code Reviewer to join our team. The ideal candidate will have a strong background in software development, secure coding practices, and a keen eye for identifying security vulnerabilities within source code. This role involves reviewing and analyzing source code to ensure that security best practices are followed and to help mitigate potential security risks.
Key Responsibilities:
• Conduct Code Reviews: Perform detailed reviews of source code to identify security vulnerabilities, coding errors, and non-compliance with security standards.
• Security Assessment: Evaluate code for common security issues such as injection flaws, cross-site scripting (XSS), broken authentication, and other OWASP Top 10 vulnerabilities.
• Recommendations: Provide actionable recommendations to developers on how to remediate identified vulnerabilities and improve overall code security.
• Collaboration: Work closely with development teams to understand application functionality and offer guidance on secure coding practices.
• Documentation: Document findings and create detailed reports outlining security vulnerabilities, risk levels, and remediation steps.
• Training: Assist in developing and delivering secure coding training sessions for development teams.
• Stay Updated: Keep up-to-date with the latest security threats, vulnerabilities, and technology trends to ensure the organization's code remains secure.
Qualifications:
• Education: Bachelor's degree in Computer Science, Information Security, or a related field.
• Experience: Minimum of 3-5 years of experience in software development, with a strong emphasis on secure coding practices.
• Skills:
  o Proficient in one or more programming languages (e.g., Java, C#, Python, JavaScript).
  o In-depth knowledge of security principles and practices.
  o Familiarity with static and dynamic code analysis tools.
  o Understanding of web application security concepts and protocols.
  o Strong analytical and problem-solving skills.
  o Excellent communication skills, both written and verbal.
  o Ability to work independently and as part of a team.
Preferred Qualifications:
• Certifications: Relevant security certifications such as CEH, Certified Secure Software Lifecycle Professional (CSSLP).
• Experience: Previous experience in a similar role within a cybersecurity or software development environment.
• Tools: Experience with security tools such as SonarQube, Checkmarx, Fortify, or similar.
• Knowledge: Familiarity with secure coding frameworks and standards such as OWASP, SANS, and CERT.
Equal employment opportunity information
KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.