We are seeking Cybersecurity Attack & Penetration Tester / Ethical Hacker specialist to join our IT Advisory practice.

This role focuses on various technical security testing areas such as vulnerability assessment, application and network penetration testing, wireless security, mobile security, website & app security, and system security testing. This role also simulate real- time cyber - attacks using red - team / blue team techniques.

Cyber team members regularly interact with C - Suite clients, such as Chief Executive Officer (CEO), Chief Information Security Officer (CISO), Chief Information Officer (CIO), Chief Operating Officer (COO), Chief Risk Officer (CRO) and their direct reports. Hence, a client centric mind - set, understanding of IT within a Business context, and well - developed communication skills are desirable.

Responsibilities

- Manage and lead the penetration testing team providing necessary coaching and mentoring to deliver various complex security testing
- Perform application (web and mobile) and infrastructure vulnerability assessment and penetration tests on different platforms and emerging technologies such as cloud, data lake and software - defined infrastructure
- Conduct source code review to identify software program vulnerabilities and detect malware or malicious embedded code
- Conduct social engineering and email phishing attacks to simulate the theft of passwords, infiltrate systems, and download malware/ransomware
- Conduct real - time simulation cyber - attacks leveraging bespoke threat intelligence
- Conduct server/network/middleware security configuration assessments
- Prepare reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities
- Enhance existing penetration testing methodologies
- Develop marketing and training materials to help develop staff awareness within the company and communicate KPMG’s capabilities to clients
- Remain up - to - date on the latest cybersecurity threats, vulnerabilities and regulatory requirements
- Liaise with clients and manage stakeholders in an engagement lifecycle including designing, scoping, delivering and reporting
- Build and maintain relationships with existing and prospective clients, and develop / improve your network of business contacts

Qualifications and Skills

- Professionally qualified preferred (e.g. OSCP and/or CREST - CRT, CCT, CSAS and/or GIAC - GXPN, GPEN, GWAPT, etc. or other relevant qualifications)
- Able to work on various platforms and operating systems (e.g. Windows, Linux, Kali) is preferred
- Experience with at least one scripting language (e.g. bash, powershell, python) is preferred
- Familiar and experience with networking concepts (e.g. routing, ALC, load balancers, SSL/TLS, TCP) is preferred
- Extensive experience with the OWASP testing methodology (e.g. mobile, web applications) along with penetration testing tools that support it
- Strong knowledge base in enterprise technologies and operations, enterprise networking, internet application security, database security evaluation and architecture, with self - motivated learning ability
- Be able to lead and oversee as well as work as part of a team, and at the same time being an independent self - starter
- Have strong analytical, problem solving and inter - personal skills
- Commands excellent written and oral communication skills with the ability to present ideas and results to technical and non - technical audiences
- Possess a recognised Degree in Computer Science, Information Technology, Engineering (Computer/Electronics), or a related discipline is preferred
- Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
- Strong interpersonal skills with a demonstrated ability to gain the confidence and respect of senior level executives
- Strong client services orientation and accustomed to taking an active role in executing client engagements
- Strong analytical skills and the ability to develop thought leadership publications

Skills

- Penetration Testing
- VAPT
- Cyber - security
- OSCP
- iCAST
- Red team
- Malware Analysis
- Application Security
- Cybersecurity
- CREST CRT CCT CSAS
- Cyber

Level of education

- Bachelor's Degree

To apply please send your CV and salary expectations by clicking "Apply Now".

We offer successful candidates an attractive remuneration package and the opportunity to work in a dynamic and exciting environment.

Personal data collected will be used for recruitment purposes only.              

© 2020 KPMG, a Hong Kong partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.