KGS-EWT-Assistant Manager-Security Technical Assessment Analyst (Red Team)

The role involves supporting the end-to-end Security Technical Assessment service. The security Technical Assessments service helps defend KPMG and its clients by ensuring Security Technical assessments of KPMG information assets are performed and pro-actively driving findings and remediations in conjunction with Enterprise wide and Technology engineering teams, in alignment with KPMG risk objectives.

The Security Technical Assessment Analyst will:

• Work collaboratively with internal stakeholders and external 3rd parties to 
  • perform security technical configuration reviews, 
  • perform security technical assessments, 
  • support the delivery of security testing across the software development lifecycle on technology solutions & services,
  • proactively manage the end-to-end penetration testing process for technology solutions,
  • provide risk-based pragmatic technical security advice and recommendations.
• Lead on internal red team exercises to
  • Coordinate Red Team Operations: Oversee the planning, execution, and reporting of red team exercises to identify vulnerabilities and improve the organization’s security posture. Ensure alignment with industry standards and best practices. 
  • Develop and Implement Strategies: Create and maintain comprehensive red team strategies, including threat modelling, attack simulations, and penetration testing. Collaborate with other security teams to integrate findings into the overall security framework.
  • Foster a culture of continuous improvement and innovation within the team to stay ahead of emerging threats.
• Maintain good relationships with internal stakeholders and ensure customer satisfaction, by delivering quality service and escalation of issues as necessary.
• Influence colleagues to drive technical remediation in a collaborative manner in line with KPMG risk appetite.
• Identify and drive security technical assessments service improvements, especially using automation.
• Provide advice to security technical assessments service owner on ways to improve control mechanisms, identify, evaluate, and mitigate risks,
• Provide analysis on trends and proactively highlight issues and areas of concern.
• Create any required documentation to support the security technical assessment conducted.
• Maintain and update service documentation, such as process guides.
• Assist with reporting to leadership and other service stakeholders on service performance (against KPIs) and risk exposure (against KRIs).

You must have:

• Very good and relevant experience in a similar security technical assessment analysis and red team testing role.
• Understanding of tooling associated with security technical assessments such as AWS Config, Azure Policy, Static Application Security Testing and Dynamic Application Security Testing.
• Experience and knowledge in security technical assessments of applications and infrastructure within the Cloud, such as AWS and Azure.
• Experience working with external penetration testing vendors.
• Experience of successfully working in a fast paced, customer service environment, delivering high quality information security services. 

It would be advantageous if you can demonstrate some, or all:

• Experience and knowledge of container or serverless platforms.
• PowerShell scripting
• Any security or vulnerability management product certification.