Executive - Cyber Defense
KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.
KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.
We are seeking a skilled and proactive VAPT (Vulnerability Assessment and Penetration Testing) Cyber Defense Analyst with 2-4 years of experience in identifying, assessing, and mitigating security vulnerabilities across enterprise applications, networks, cloud environments, and infrastructure. The ideal candidate will have hands-on experience performing vulnerability assessments, penetration testing, security validations, and supporting cybersecurity incident response activities.
Equal employment opportunity information
KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.
- Conduct Vulnerability Assessment and Penetration Testing (VAPT) on web applications, APIs, mobile applications, networks, and infrastructure.
- Perform internal and external security assessments to identify vulnerabilities and security gaps.
- Analyze security findings and provide remediation recommendations to stakeholders.
- Execute penetration testing using industry-standard tools and methodologies.
- Validate vulnerability fixes and conduct re-testing activities.
- Support secure configuration reviews and hardening assessments.
- Collaborate with development, infrastructure, and security teams to remediate vulnerabilities.
- Prepare detailed technical and executive-level VAPT reports.
- Participate in threat hunting, security monitoring, and incident response activities.
- Ensure compliance with security standards such as OWASP Top 10, NIST, ISO 27001, and CIS Benchmarks.
- Stay updated with emerging cyber threats, vulnerabilities, and attack techniques.
Required Skills & Qualifications
- Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related field.
- 2-4 years of hands-on experience in VAPT and Cyber Defense.
- Strong understanding of networking concepts, TCP/IP, DNS, HTTP/HTTPS, and network protocols.
- Experience with vulnerability scanning and penetration testing tools such as:
- Nessus
- Qualys
- Burp Suite
- Nmap
- OWASP ZAP
- Metasploit
- Wireshark
- Knowledge of web application security testing and OWASP Top 10 vulnerabilities.
- Experience in conducting infrastructure and network security assessments.
- Understanding of Windows, Linux, and Cloud security fundamentals (AWS/Azure/GCP).
- Familiarity with SIEM tools such as Splunk, QRadar, Sentinel, or ArcSight.
- Basic scripting knowledge in Python, PowerShell, or Bash is preferred.
- Strong analytical, troubleshooting, and report-writing skills.
Preferred Certifications
- CEH (Certified Ethical Hacker)
- eJPT (eLearnSecurity Junior Penetration Tester)
- PNPT (Practical Network Penetration Tester)
- OSCP (Preferred)
- CompTIA Security+
- ISO 27001 Lead Implementer/Auditor (Added Advantage)
Desired Competencies
- Strong problem-solving and analytical skills.
- Excellent communication and stakeholder management abilities.
- Ability to work independently and in a team environment.
- Strong documentation and reporting skills.
- Passion for cybersecurity and continuous learning.