At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.

We are seeking Cybersecurity Attack & Penetration Tester / Ethical Hacker specialist to join our IT Advisory practice. This role focuses on various technical areas such as vulnerability assessment, application and network penetration testing, wireless security, mobile security, website & app security, and system security testing. This role also simulate real-time cyber-attacks using red-team/blue team techniques.

Cyber team members regularly interact with C-Suite clients, such as Chief Executive Officer (CEO), Chief Information Security Officer (CISO), Chief Information Officer (CIO), Chief Operating Officer (COO), Chief Risk Officer (CRO) and their direct reports. Hence, a client centric mind-set, understanding of IT within a Business context, and well-developed communication skills are desirable.

Responsibilities

- Perform application (web and mobile) and infrastructure vulnerability assessment and penetration tests on different platforms and technologies
- Conduct source code review to identify software program vulnerabilities and detect malware or malicious embedded code
- Conduct social engineering and email phishing attacks to simulate the theft of passwords, infiltrate systems, and download malware / ransomware
- Simulate real-time cyber-attacks using red team / blue team exercises
- Review and analyse security vulnerabilities to identify false positives
- Conduct server/network/middleware security configuration assessments
- Prepare reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities.
- Assist in continuously enhancing the existing penetration testing methodologies
- Develop marketing and training materials to help develop staff awareness within the company and communicate KPMG’s capabilities to clients
- Remain up-to-date on the latest cybersecurity threats, vulnerabilities and regulatory requirements
- Build and maintain relationships with existing and prospective clients, and develop / improve your network of business contacts
- Assist with scoping prospective engagements and developing proposals

Qualifications and Skills

- Professionally qualified preferred (e.g. OSCP/CREST and/or GIAC - GXPN, GPEN, GWAPT, etc. or other relevant qualifications)
- Able to work on various platforms and operating systems (e.g. Windows, Linux, Kali) is preferred
- Experience with at least one scripting language (e.g. bash, powershell, python) is preferred
- Able to understand basic networking concepts (e.g. routing, ALC, load balancers, SSL/TLS, TCP) is preferred
- Understand the OWASP testing methodology and have knowledge of penetration testing tools
- Strong knowledge base in enterprise technologies and operations, enterprise networking, internet application security, database security evaluation and architecture, with self-motivated learning ability
- Be able to work as part of a team, and at the same time being an independent self-starter
- Have strong analytical, problem solving and inter-personal skills
- Commands excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences
- Possess a recognised Degree in Computer Science, Information Technology, Engineering (Computer / Electronics), or a related discipline is preferred.
- Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
- Strong interpersonal skills with a demonstrated ability to gain the confidence and respect of senior level executives
- Strong client services orientation and accustomed to taking an active role in executing client engagements
- Strong analytical skills and the ability to develop thought leadership publications

Experience

- Have prior experience in conducting vulnerability assessments and penetration tests
- Minimum 3 years of relevant experience for Senior Consultant. Candidates will less experience (fresh graduates to 2 years of relevant experience) will be considered for Consultant
- Knowledge of IT security vendor products is an advantage
- Experience in financial services is preferred

We offer successful candidates an attractive remuneration package and the opportunity to work in a dynamic and exciting environment.

Personal data collected will be used for recruitment purposes only.

© 2018 KPMG, a Hong Kong partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.