VAPT | Codersbrain
Job Description
Consultant
Company Overview
KPMG Global Services (KGS) Consulting is part of a dynamic team of over 6,400 professionals providing consulting services to KPMG Firms worldwide. The team supports clients' business transformation journeys across various industries with extensive capabilities including Technology Enablement, Corporate Services, Customer and Operations, Cross Functional Services, Risk Services, and Managed Services. KGS is deeply committed to diversity, inclusion, and equity, offering a safe and inclusive environment.
Job Summary
The Consultant role within the Managed Services team is an individual-contributor position working under the guidance of a manager. The main responsibility is performing security assessments on applications to discover and exploit vulnerabilities, thereby supporting clients in enhancing their security posture.
Responsibilities
- Conduct manual application penetration tests on web applications, internal applications, APIs, internal and external networks, and mobile applications to identify and exploit vulnerabilities.
- Perform manual security code reviews against common programming languages such as Java and C#.
- Execute automated testing of source code and running applications using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) respectively.
- Utilize various application security tools including AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, and Kali Linux.
- Collaborate with technical and non-technical audiences to explain vulnerabilities like IDOR, Second Order SQL Injection, and CSRF, along with their root causes and remediation strategies.
Qualifications
- Educational Qualifications:
  - Master's degree (preferably in Computer Science or MCA) and/or Bachelor of Engineering (B.E.) / Bachelor of Technology (B.Tech) from a reputed university.
- Technical Skills:
  - Strong knowledge of manual secure code review against common programming languages (Java, C#).
  - Minimum of three (3) years of recent experience with application security testing tools such as AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, and OWASP ZAP.
  - Minimum of three (3) years of experience performing manual penetration testing and code reviews against web apps, mobile apps, and APIs.
  - Proficiency in communicating results to both technical and non-technical audiences while leading remediation efforts.
- Preferred Skills:
  - Minimum of one (1) year of experience in the development of web applications and/or APIs.
  - One or more major ethical hacking certifications such as GWAPT, CREST, OSCP, OSWE, or OSWA are preferred though not mandatory.
Experience
- 4 to 8 years of post-qualification experience with strong working knowledge in manual security code review.
Environment
- The position is primarily based in Bangalore, with potential flexibility to operate out of Pune or Gurugram. Working hours are 12 PM to 9 PM IST, tailored to support clients in US time zones.
Salary
- Salary details are not specified.
Growth Opportunities
- Career advancement opportunities within KPMG are vast, promoting professional growth and access to global networks and resources.
Benefits
- The company provides a supportive and inclusive work environment, promoting trust and valuing authenticity among all employees. Specific employee benefits have not been outlined.