Senior Penetration Tester, Cyber Security and Digital Trust – Nicosia
We are growing and are seeking Senior Cybersecurity Penetration Testing specialists to join our Cyber Security and Digital Trust team. This role focuses on various technical areas such as application and network vulnerability assessment and penetration testing (external and internal infrastructure, web, and mobile applications), architecture and configuration review, source code review, social engineering simulations (phishing, vishing, and physical access attacks), attack simulation, cloud infrastructure assessments, and the delivery of web and mobile application security workshops.
The Cyber team regularly interacts with C-Suite executives, such as Chief Executive Officer (CEO), Chief Information Security Officer (CISO), Chief Information Officer (CIO) and their direct reports. Hence, a client-centric mindset, an understanding of IT within a Business context, and well-developed communication skills are desirable.
- Perform vulnerability assessment and penetration tests on different platforms and technologies such as external and internal infrastructure, web and mobile applications.
- Conduct social engineering and email phishing attacks to simulate the theft of passwords, infiltrate systems, and download malware / ransomware to test the security awareness level of Organisations.
- Conduct source code review to identify software program vulnerabilities and detect malware or malicious embedded code.
- Perform attack simulations using well known Tactics, Techniques and Procedures (TTPs) that cyber threat actors use to plan and execute cyber-attacks on business networks.
- Conduct cloud / server / network / middleware security configuration assessments.
- Conduct architecture review for cloud / on-premises IT environments.
- Prepare reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities.
- Assist in continuously enhancing the existing security assessment methodologies.
- Develop marketing and training materials to help develop staff awareness within the company and communicate KPMG’s capabilities to clients.
- Remain up to date on the latest cybersecurity threats, vulnerabilities, and regulatory requirements.
- Build and maintain relationships with existing and prospective clients and develop / improve your network of business contacts.
- Assist with scoping prospective engagements and developing proposals.
- Coaching and developing team members through sharing of experience and knowledge.
- Continuous development of self and team, including managing client feedback.
- Developing constructive client relationships, both inside and outside of KPMG.
- Possession of a recognised Degree in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology, or a related discipline (STEM) is preferred.
- Master’s degree in Cyber Security will be considered an advantage.
- Minimum 2 years of experience in a relevant role.
- At least one professional qualification required: eCPPTv2, eWPTXv2, OSCP, CRTP, CRTE, eCPTXv2, OSEP, OSWE, OSCE3, CREST, GXPN, GPEN, GCTI, GWAPT, or other relevant qualifications.
- Working experience preferred: Web/Mobile/Network/OT/IoT/other Penetration Tests, Vulnerability Assessment, Source Code Review, Appliance/System/Cloud Configuration Review, Social Engineering, Red/Blue/Purple teaming.
- Experience with at least one scripting language (e.g., Bash, PowerShell) or programming language (e.g., Python, C, Java) preferred.
- Ability to understand basic networking concepts (e.g., routing, ACL, load balancers, SSL/TLS, TCP) is preferred.
- Understand the industry recognised testing standards and have knowledge of common penetration testing and attack simulation tools.
- Strong knowledge base in enterprise technologies and operations, enterprise networking, internet application security, database security evaluation and architecture, with self-motivated learning ability.
- Be able to conduct research and development and solve technical problems independently.
- Be able to work as part of a team while also being an independent self-starter.
- Have strong analytical, problem solving and inter-personal skills.
- Commands excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences.
- Excellent written and verbal communication skills in English.
- Business awareness and high motivation
- Excellent organizational and time management skills
- Strong analytical and interpretative skills
- Able to translate business requirements into a roadmap of technical tasks, utilizing a variety of tools, capabilities, and technologies
- Leadership, teamwork, and client management skills.
- Demonstrated integrity within a professional environment.
- Strong interpersonal skills, self-motivation, professional discipline, accuracy, reliability, and excellent analytical skills.
- Competitive remuneration package (incl. 13th salary)
- Bonus Scheme that reflects firm & individual performance
- Provident Fund
Health and Wellbeing
- BeWell@KPMG – a holistic programme to support employees’ wellbeing
- In-house occupational psychologist
- Occupational doctor
- KPMG Gym benefits
- Running Club
- Social committee
Life at KPMG
- Excellent opportunities for career development & advancement
- Hybrid working model (working from the office, client, and home)
- Flexible working hours
- Friday afternoon off
- Flex Fridays for July & August (Reduced Hours – 36 hours)
- Reduced hours & Mother’s scheme working options
- Paid Maternity & Paternity Leave
- Paid Sick Leave
- Holiday entitlement from the 1st day you join
- Global Mobility programme
- Dress for your Day
- Free Parking
If you believe that you have the above qualifications and this opening sounds challenging, apply now.
All applications will be treated with the strictest confidence. Only successful applicants will be contacted.
Should you have any queries in completing the online application form, please do not hesitate to contact us.
T: 22 209196, E: firstname.lastname@example.org