KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients' needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you'll translate insights into action and reveal opportunities for all-our teams, our clients and our world. Service Line Overview
At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.
To expand our team, we are seeking Cybersecurity Red Teaming / Penetration Testing specialists to join our Cyber Defence team. This role focuses on various technical areas such as iCAST, red teaming, application and network vulnerability assessment and penetration testing, architecture and configuration review, source code review and social engineering simulation.
Cyber team members regularly interact with C-Suite clients, such as Chief Executive Officer (CEO), Chief Information Security Officer (CISO), Chief Information Officer (CIO) and their direct reports. Hence, a client-centric mindset, an understanding of IT within a Business context, and well-developed communication skills are desirable.
We are seeking junior Cybersecurity (Red Teaming / Penetration Testing) consultants to join our Cyber Security team. This role focuses on various technical assessments areas such as simulation attacks (red/purple team), vulnerability assessment, application and network penetration testing, source code and configuration review, technical architecture review, etc. Key Responsibilities
Experience & Background
- Simulate latest cyber-attacks tactics in red team / blue team / purple team exercises
- Conduct social engineering and email phishing attacks to simulate the theft of passwords, infiltrate systems, and download malware / ransomware
- Perform application (web, mobile, and thick client) and infrastructure vulnerability assessment and penetration tests on different platforms and technologies
- Perform pentest in technical security testing assessment
- Identify and analyse the security vulnerabilities
- Conduct server / network appliance security configuration assessments
- Conduct source code review to identify software program vulnerabilities and detect malware or malicious embedded code
- Prepare reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities.
- Remain up-to-date on the latest cybersecurity threats, vulnerabilities and regulatory requirements
Benefits we offer:
- A client centric mind-set, understanding of IT within a Business context, and well-developed communication skills are desirable.
- Professionally qualified is an advantage (e.g. CREST, GXPN, GPEN, GWAPT, OSCP, CRTE, CISSP, or other relevant qualifications)
- Experience in performing HKMA assessments is an advantage
- Experience with at least one programming/scripting language (e.g. C#, Python, C++, bash, PowerShell) is preferred
- Able to work on various platforms and operating systems (e.g. Windows, Linux, Kali) is preferred
- Able to understand basic networking concepts is preferred
- Understand the OWASP testing methodology and have knowledge of penetration testing tools
- Be able to work as part of a team, and at the same time being an independent self-starter
- Have strong analytical, problem solving and inter-personal skills
- Commands excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences
- Possess a recognised Degree in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology or a related discipline (STEM) is an advantage
- Excellent written and verbal communication skills in English and Chinese (Cantonese or Mandarin)
KPMG is looking for someone who is passionate about helping our clients with their cyber security challenges. In return, we are helping you to develop your skills and career within the KPMG network.
- Well-structured career development and learning path, 1-to-1 coaching by our cybersecurity professionals
- Access to various cyber security learning resources
- Wide exposure to working with leading financial institutions and corporations
- Continuous sponsorship and support on professional certificate development (i.e. Offensive Security, GIAC, CREST, etc.)
- Opportunities for secondment / exchange within KPMG Global network based on staff performance and preference
- Opportunities to attend KPMG overseas Global Cyber Events - such as HackNet / BlackHat
- One annual professional membership sponsorship on the approved list
- Work in a passionate team with blended cybersecurity talents
At KPMG China, we are committed to being an equal opportunity employer, with zero tolerance for any form of discrimination against any persons. It is important for us to create an inclusive, diverse and agile workplace for our people to develop and thrive at both a personal and professional level.
We strive to make ESG (environmental, social and governance) a watermark running through our organisation; from empowering our people to become agents of positive change, to providing better solutions and services to our clients. To lead by example, we launched Our Impact Plan (OIP) which includes our ESG commitments and progress across four key pillars - Planet, People, Prosperity and Governance.
We encourage you to come as you are, and we welcome all qualified candidates to apply, and hope you unlock opportunities with us. Visit KPMG China website for more company information.
Please note that all information in this form has been voluntarily supplied and will be used by KPMG for selection purposed only.