Vulnerability Assessment and Penetration Testing Manager

• Lead and oversee VAPT engagements (Network, Web, Mobile, API, Cloud, Thick Client).
• Manage and execute Red Team operations, including:
  • Adversary simulation
  • MITRE ATT&CK–based exercises
  • Social engineering (phishing, vishing – where approved)
  • Internal and external attack simulations
• Perform and guide advanced exploitation aligned with OSCP-level methodologies.
• Oversee post-exploitation activities, privilege escalation, lateral movement, and persistence testing.
• Ensure accurate risk ratings, root cause analysis, and remediation guidance.
• Review and approve technical reports and executive summaries.
• Lead, mentor, and grow a team of penetration testers and red teamers.
• Conduct performance reviews, skill gap assessments, and training plans.
• Promote best practices, research culture, and continuous improvement.
• Perform technical interviews and support team hiring.
• Act as primary point of contact for key clients and senior stakeholders.
• Scope engagements, estimate effort, and support pre-sales activities.
• Present findings to CISOs, IT Heads, and senior management.
• Provide strategic security recommendations and roadmap inputs
• Define and maintain testing frameworks, SOPs, and playbooks.
• Ensure compliance with standards such as:
  • OWASP
  • NIST
  • ISO 27001
  • PCI-DSS
• Support purple teaming activities with Blue Team and SOCs.
• Ensure ethical testing, approvals, and compliance with legal guidelines.

• Strong expertise in:
  • Network, Web, Mobile, and API Penetration Testing
  • OSCP-style exploitation techniques
  • Windows & Linux privilege escalation
  • Active Directory attacks (Kerberoasting, Pass-the-Hash, Golden Ticket)
• Red Team tools & frameworks:
  • Metasploit, Cobalt Strike, Sliver, Empire
  • BloodHound, CrackMapExec, Mimikatz
• Vulnerability tools:
  • Burp Suite, Nessus, Qualys, Nmap
• Cloud security testing (AWS/Azure) – preferred
• Scripting: Python, Bash, PowerShell (preferred)

Equal employment opportunity information 

KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you