KPMG Off Campus Hiring | Analyst – Freshers / Experienced | Upto 8 LPA

Qualifications

Required Qualifications & Skills:-

• Experience in Application VAPT. Understanding of OWASP vulnerabilities
• Coding/ scripting knowledge
• Knowedge on security tool development
• Experience in SAST and DAST tools
• Experience in Manual secure code review
• Understanding of AWS and Azure cloud security

Job Description & Responsibilities:-

• Perform penetration testing of various thick client software, web applications, and communications infrastructure to assist in hardening the cybersecurity posture against malicious actors
• Conduct security research on the latest emerging advanced persistent threats (APTs), malware, and other security developments to assist in enterprise security efforts. Apply this security research into assessments.
• Perform technical writing to communicate the preparation, testing, and recommendation phases for various security tests. Work with stakeholders to remediate system vulnerabilities.
• Train team members and colleagues on the latest cybersecurity tactics, techniques, and procedures (TTPs) to grow the skill of the firm
• Understanding of various security technologies including end point security, perimeter security, advanced threat protection, malware defense and security management
• Expertise in the phases of penetration testing. Familiarity with Kali Linux distribution and the associated penetration testing tools suite. Experience in penetration testing simulations like Hack the Box or Capture the Flag exercises considered a plus.
• Good Understanding of OWASP top 10 and mitigation techniques
• Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, Security Misconfiguration, CSRF, authentication/ authorization issues
• Database testing: MySQL, Oracle, NoSQL
• Understanding of cyber security management, cyber analytics, security intelligence platforms and threat intelligence frameworks
• Writing business proposals and response to client RFP/ RFIs
• Identifying business opportunities and lead delivery and program management for large cyber security programs
• Delivery team and client relationship management
• Experience on both commercial, open source tools and frameworks but not limited: Burpsuite, Metasploit, Core-Impact,  Kali-Linux, AppScan, WebInspect, SSLScan, Soap UI Pro, SonarQube, Qualys, Nikto, Nessus, nmap, sqlmap, OWASP ZAP