KPMG - Information Security Role

INFORMATION SECURITY - JOB DESCRIPTION

Technical Skills :

- Vulnerability Assessment (VA)

- Penetration Testing (PT)

- Web Application Security Testing

- Mobile Application Security Testing

- Thick client and Web services Security Testing

- Wi-fi Network Assessment

- Strong knowledge of security assessment tools e.g. Nessus, Acunetix, Appscan, nmap, Kali Linux etc.

- Strong knowledge of Operating systems preferably Linux / UNIX (IBM IAX, Sun Solaris, HP UX etc.) and network equipments

- System and Network Hardening

- Network Security Architecture Review

- Red Teaming/Purple Teaming

- Social Engineering, Phishing Attacks

- Malware and malicious code analysis

- Source Code Review

- Knowledge of Telecommunication Network and/or banking network would be preferred

- Knowledge of Supervisory control and data acquisition (SCADA) systems and Industrial control system (ICS)

Process Skills :

- Information Security Reviews

- Risk Assessment & Management

- Vendor security reviews

- SOC/NOC Review

- Network/Servers Change and Configuration Management Review

- Cyber Security Drills

- System and Process review around below IT enablers:

- NAC Review

- DLP

- Anti-Virus

- Domain Controller

- Email Security

Certifications :

- CISSP

- CEH

- ECSA

- CCSP

- OSCP/OSCE

- CCSK

- Cyber Security Nexus (CSX)

- GSEC

- GPEN

- ISO 27001 LA / LI

- CISA / CISM

Experience :

- 2+ years- experience in the related field, preferably with a consulting firm and in a Banking or Telecom domain

- Hands on experience related to conducting VAPT along with manual verification and exploitation, Web/Mobile application security testing, configuration review of operating systems, databases, network security devices, various security solutions such as WAF, SIEM, Email Security, Firewalls, IPS/IDS etc.

- Either one of the above certification, preferably in core security such as OSCP/OSCE, CEH/ECSA