Manager – Offensive Security Specialist at KPMG South Africa

Description of the role and purpose of the job:

KPMG is currently seeking a Manager to join our Cyber Security consulting and assurance practice based in Johannesburg.

• The KPMG Cyber Security practice is one of our fastest growing units. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, world-class training and market leading tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Technology Assurance.

Working with KPMG you will consult on client projects, translating business and customer needs into innovative business and technology solutions. You will identify changes and recommend solutions that will typically involve a combination of cyber strategy and security excellence outcomes. You will be exposed to a range of exciting projects across industry sectors and service lines including:

• Driving the linkage between business strategy and cyber security (and vice versa), to deliver meaningful outcomes
• Defining the technology strategy to create new streams of value in a business, and defining associated technology execution roadmaps
• Designing innovative technology solutions for improving cyber security posture and advise on reducing cyber risk
• Identify and assist client in meeting compliance requirement for and through cyber security
• Working closely with the local team and member firms to bring innovation to our existing capabilities to help KPMG remain at the forefront of strategy, operational excellence and technology practices and thinking
• As part of the role you will be expected to have detailed knowledge of security technologies and their application to addressing business challenges. The focus will be on delivering high quality engagement outcomes for our clients and maintaining productive client relationships that allow you to build strong professional networks over time.
• We believe in diversity of thought background and unique experience. You need to have a solid background in technology as well as consulting. You're passionate about technology and innovation, finding novel approaches to solve problems. You thrive in a collaborative and innovative culture and want to join a firm that values problem solvers, the kind of people who reimagine the possible for their clients and key stakeholders.

We are looking for people in this role with a passion for and / or experience in the following areas:

• Play a key role as subject matter expert in the business for offensive security services
• Perform Vulnerability assessments of Web applications, APIs, Networks, Mobile applications, Desktop, and Cloud infrastructure based on leading security frameworks such as OWASP and CREST
• Perform Penetration testing, red team and purple team assessments including infrastructure, wireless and applications. This includes related activities such as Malware Analysis, Social Engineering, Reverse Engineering, Database Security, Network Security and Threat Modelling.
• Perform security architecture assessments and configuration reviews on on-premise and cloud environments.
• Provide guidance on security architecture, assisting clients with reducing their attack surface and optimizing their cyber defensive capabilities to adapt to modern threats.
• Take responsibility for delivering high quality deliverables and outcomes for our clients. Ability to work as well as an individual and in a broader team environment, in line with our KPMG values.
• Analyse, workshop and present insights and recommendations enabled by strategic thinking, technical knowledge and strong and clear communication skills.
• Demonstrate an ability to translate complex technical results into business language through professional report writing.
• Knowledge of current and emerging IT security technologies.
• Maintain awareness of latest and common security threats, attack vectors and TTPs.
• Ability to diagnose and troubleshoot deep technical issues.

Key responsibilities:

• Take responsibility for leading technology based consulting/ assurance engagements, managing the day-to-day delivery effort and work of the delivery team.
• Provide subject matter expertise in the business for specific technical security domains.
• Engage in planning, design, implementation, testing, and operation of cyber breach resilience processes and systems on client networks and applications.
• Support recovery efforts at impacted clients, helping them to minimize operational impact and resolve immediate defensive gaps.
• Develop next generation offensive security service offerings.
• Analyse, workshop and present insights and recommendations enabled by strategic thinking, technical knowledge and strong and clear communication skills.
• Support business development activities including the creation of compelling and differentiated value propositions in opportunity pursuits.
• Lead and coach others in engagements, and mentoring staff as they grow their capabilities, careers and client service impact. Performance management of colleagues to aid in their career growth.
• Extend the teams technical capabilities, toolsets and methodologies to ensure quality and efficiency.
• Maintain awareness of latest and common security threats, attack vectors and TTPs.

Minimum requirements to apply for the role (including qualifications and experience):

• A minimum of 5 - 8 years of experience in Information Security or in a technology related field. At least 2 years’ experience in leading a team in related subject matter.
• Bachelor's degree from an accredited college/university or equivalent experience.
• Advanced security related certifications such as CISSP, OSCP, OSCE or equivalent
• Strong experience in leading and conducting penetration tests, red team, purple team and technical vulnerability assessments.
• Experience in infrastructure, operating system (including AD) and application security assessments against leading benchmarks.
• Experience in conducting cloud security assessments (Azure, AWS, Google)
• Experience in Operational Technology security assessments will be advantageous.
• Demonstratable track record in security research and attendance/ presenting at cybersecurity conferences.
• Excellent written and verbal communication, facilitation, leadership, business development, and presentation skills
• Ability to travel
• Consulting experience from a well-established consulting practice preferred