Cyber Security

KPMG entities in India are established under the laws of India and are owned and managed (as the case may be) by established Indian professionals. Established in September 1++3, the KPMG entities have rapidly built a significant competitive presence in the country. Today we operate from offices across 14 cities including in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities have a domestic client base of over 2700 companies. Our global approach to service delivery helps provide value-added services to clients. Our differentiation is derived from a rapid performance-based, industry-tailored and technology-enabled business advisory services delivered by some of the leading talented professionals in the country. KPMG professionals are grouped by industry focus and our clients are able to deal with industry professionals who speak their language. Our internal information technology and knowledge management systems enable the delivery of informed and timely business advice to Clients. Role & Responsibility: Cyber in Government Experience: 3 to 8 years Location: Gurugram o Cyber security and/or Privacy, IT Audit, IT Risk/Compliance Management with focus on delivering projects in the government sector (working with ministries and departments of state/central government) o In-depth understanding of government sector is required – previous experience of working with government sector (India/global) o Background in pre-sales activities such as responding to RFPs/RFIs are required. Should be conversant in working on DPR preparation including low level design, RFP / EOI preparation etc. o Ability to deliver on large and complex government sector projects and meet deadlines while working both independently and in a team environment. o Strong communication skills Experience Required: • Strong understanding of IT security standards and frameworks (OWASP, NIST, CIS) • Strong understanding of security risks in networks and application platforms • Strong understanding of network security, infrastructure security and application security • Strong understanding of OSI, TCP/IP model and network basics • Demonstrate technical penetration testing skills on IT infrastructure, web applications, mobile platforms and Red teaming • Strong technical skills: Information security, network security, Windows security, UNIX/Linux security, web and mobile application security, Cloud platforms • Broad knowledge of security technologies for applications, databases, networks, servers, and desktop • Solid technical skills in both information security architecture and penetration testing and ability to assess testing tools and deploy the right ones. • Scripting and programming experience is beneficial • Ability to perform manual penetration testing • Experience in Application Security Testing (Web, Mobile & ERP [SAP]), or related functions Vulnerability Assessment, Penetration testing • Perform penetration testing of various thick client software, web applications, and communications infrastructure to assist in hardening the cybersecurity posture against malicious actors • Conduct security research on the latest emerging advanced persistent threats (APTs), malware, and other security developments to assist in enterprise security efforts. Apply this security research into assessments. • Perform technical writing to communicate the preparation, testing, and recommendation phases for various security tests. Work with stakeholders to remediate system vulnerabilities. • Train team members and colleagues on the latest cybersecurity tactics, techniques, and procedures (TTPs) to grow the skill of the firm • Understanding of various security technologies including end point security, perimeter security, advanced threat protection, malware defense and security management • Expertise in the phases of penetration testing. Familiarity with Kali Linux distribution and the associated penetration testing tools suite. Experience in penetration testing simulations like Hack the Box or Capture the Flag exercises considered a plus.