Cyber - AppSec - BOA SCA/Manual Security Code Review Consultant
Bangalore, Karnataka, India
Responsibilities:
Mandatory
• Perform manual security code review against common programming languages (Java, .NET)
• Perform automated testing of running applications and static code (SAST, DAST)
• Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
• Formal programming experience is a must in Java/C# – at least 6 months
• Create new testing methods to identify vulnerabilities and entry points that attackers may use to exploit applications, networks, and systems
Good to Have:
• One or more major ethical hacking certifications, not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA
• Provide technical leadership and advice to team members on penetration test engagements
• Converse with technical and non-technical audiences to articulate testing processes, techniques and results
• Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice and mentor junior and offshore team members on tools and techniques in performing tests
• Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, Kali Linux, or equivalent
Prior Experience:
The candidate must have 5 years of relevant experience in a similar role, preferably in a professional services organization.