Associate Consultant - Vulnerability Assessment and Penetration Testing (VAPT) / Security Researcher
Kpmg India Services Llp
Work from Office
Full Time
Min. 6 yearsJob Description
Consultant - VAPT / Security Researcher
Description
About KPMG in India
KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.
KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.
Responsibilities
- Strong understanding of security risks in networks and application platforms
- Strong understanding of network security, infrastructure security and application security,
- Strong understanding of OSI, TCP/IP model and network basics
- Demonstrate technical penetration testing skills on IT infrastructure, web applications, mobile platforms and Red teaming
- Strong technical skills: Information security, network security, Windows security, UNIX/Linux security, web and mobile application security, Cloud platforms.
- Good knowledge on web,Thick client,API, Mobile (Android,iOS) VAPT and Penetration testing assessments.
- Broad knowledge of security technologies for applications, databases, networks, servers, and desktops.
- Ability to perform manual penetration testing.
- Experience in Application Security Testing, or related functions Vulnerability Assessment, Penetration testing.
- Perform penetration testing of various thick client software, web applications, and communications infrastructure to assist in hardening the cybersecurity posture against malicious actors
- Perform technical writing to communicate the preparation, testing, and recommendation phases for various security tests. Work with stakeholders to remediate system vulnerabilities.
- Expertise in the phases of penetration testing. Familiarity with Kali Linux distribution and the associated penetration testing tools suite. Experience in penetration testing simulations like Hack the Box or Capture the Flag exercises considered a plus.
- Good Understanding of OWASP top 10 and mitigation techniques
- Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, Security Misconfiguration, CSRF, authentication/ authorization issues
- Experience on both commercial, open source tools and frameworks but not limited: Burpsuite, Checkmarx, Metasploit, Core-Impact, Kali-Linux, AppScan, WebInspect, SSLScan, Soap UI Pro, SonarQube, Qualys, Nikto, Nessus, nmap, sqlmap, OWASP ZAP .
- Conduct Source code(SAST/SCA) Analysis manually.
- Knowledge on scripting language like Python, Shell is an add-on.
- Perform Vulnerability Assessment and Penetration Testing (VAPT) for web, mobile, API, network, cloud, and infrastructure components.
- Identify, exploit, and document security vulnerabilities using manual and automated techniques.
- Conduct source code reviews to detect security flaws.
- Develop proof-of-concept (PoC) exploits for validated vulnerabilities.
- Prepare detailed technical reports, including findings, severity ratings, and remediation recommendations.
- Work closely with product, development, and infrastructure teams to help fix security gaps.
- Research the latest vulnerabilities, exploits, attack trends, and security tools.
- Participate in red team / blue team exercises when required.
- Ensure VAPT activities are aligned with security standards (OWASP, SANS, NIST, ISO 27001, etc.).
- Automate repetitive security testing tasks using scripts or tools.
- Support compliance audits and security certifications.
Qualifications
- 6+ years of hands-on experience in VAPT or Security Research.
- Strong understanding of:
- OWASP Top 10
- MITRE ATT&CK
- Web and mobile security concepts
- Network security protocols
- Hands-on experience with tools such as:
Burp Suite, Metasploit, Nmap, Nessus, Wireshark, Kali Linux, Nikto, Fortify, ZAP, MobSF, etc. - Ability to perform manual testing and identify vulnerabilities beyond automated scanner capabilities.
- Strong analytical and problem-solving skills.
- Experience in writing exploit scripts (Python, Bash, PowerShell, or similar).
- Understanding of cloud platforms (AWS, Azure, GCP) is a plus.
- Knowledge of secure coding practices.
Equal employment opportunity information
KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.
Job role
Job requirements
About company
Similar jobs you can apply for
Hardware & Network Engineer
Computer Hardware Technician
Upvote Consulting Services Private LimitedWork from OfficeFull TimeAny experience
Basic English
Laptop Repair Technician
IT WorldWork from OfficeFull TimeMin. 1 yearBasic EnglishComputer Hardware Technician
1. JLM Training Service 2. CAD Scan Training ServiceWork from Office
Part TimeFull TimeAny experienceBasic EnglishLaptop Repair Technician
IT WorldWork from OfficeFull TimeMin. 1 yearBasic EnglishNetwork Engineer
Beekayit Netsec Solutions Private LimitedWork from OfficeFull TimeMin. 2 yearsBasic EnglishField Engineer
Seven Star Digicomm Pvt Ltd
Field JobFull TimeMin. 1 yearNo English RequiredYou can expect a minimum salary of 0 INR. The salary offered will depend on your skills, experience and performance in the interview.
The candidate should have completed the required education and people who have 6 to 31 years are eligible to apply for this job. You can apply for more jobs in Mumbai/Bombay to get hired quickly.
The candidate should have sound communication skills and sound communication skills for this job.
Both Male and Female candidates can apply for this job.
No, it's not a work from home job and can't be done online. You can explore and apply for other work from home jobs in Mumbai/Bombay at apna.
No work-related deposit needs to be made during your employment with the company.
Go to the apna app and apply for this job. Click on the apply button and call HR directly to schedule your interview.
The last date to apply for this job is . For more details, download apna app and find Full Time jobs in Mumbai/Bombay . Through apna, you can find jobs in 64 cities across India. Join NOW!