KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.
KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.
Responsibilities
Lead and oversee VAPT engagements (Network, Web, Mobile, API, Cloud, Thick Client).
Manage and execute Red Team operations, including:
Adversary simulation
MITRE ATT&CK–based exercises
Social engineering (phishing, vishing – where approved)
Internal and external attack simulations
Perform and guide advanced exploitation aligned with OSCP-level methodologies.
Oversee post-exploitation activities, privilege escalation, lateral movement, and persistence testing.
Ensure accurate risk ratings, root cause analysis, and remediation guidance.
Review and approve technical reports and executive summaries.
Lead, mentor, and grow a team of penetration testers and red teamers.
Conduct performance reviews, skill gap assessments, and training plans.
Promote best practices, research culture, and continuous improvement.
Perform technical interviews and support team hiring.
Act as primary point of contact for key clients and senior stakeholders.
Scope engagements, estimate effort, and support pre-sales activities.
Present findings to CISOs, IT Heads, and senior management.
Provide strategic security recommendations and roadmap inputs
Define and maintain testing frameworks, SOPs, and playbooks.
Ensure compliance with standards such as:
OWASP
NIST
ISO 27001
PCI-DSS
Support purple teaming activities with Blue Team and SOCs.
Ensure ethical testing, approvals, and compliance with legal guidelines.
Qualifications
Strong expertise in:
Network, Web, Mobile, and API Penetration Testing
OSCP-style exploitation techniques
Windows & Linux privilege escalation
Active Directory attacks (Kerberoasting, Pass-the-Hash, Golden Ticket)
Red Team tools & frameworks:
Metasploit, Cobalt Strike, Sliver, Empire
BloodHound, CrackMapExec, Mimikatz
Vulnerability tools:
Burp Suite, Nessus, Qualys, Nmap
Cloud security testing (AWS/Azure) – preferred
Scripting: Python, Bash, PowerShell (preferred)
Equal employment opportunity information
KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you
