Senior Associate – Cybersecurity at KPMG
Job Description
Position Summary
We are currently looking for a Senior Associate in our Information Technology Advisory Unit (ITA) to support in managing and executing cybersecurity engagements, including vulnerability assessments, penetration testing, and client advisory on security risks.
Key roles and responsibilities
Assist in the development of a work plan, budget and quality plan to ensure efficiency, high performance and high-quality work on engagements.
Maintaining a progress tracker of engagement milestones, tasks, and deliverables.
Schedule and conduct engagement internal and client kick-off, progress and close out meetings
Conduct Red Teaming exercises, Vulnerability assessments and penetration tests within the relevant client engagements where applicable.
Perform social engineering simulations to test human susceptibility in disclosing sensitive information.
Present security risk exposures to the clients' senior management.
Serve as a Subject Matter Expert (SME) in information/cyber security controls and technologies for KPMG clients.
Review organization's security architecture, security control frameworks and guidelines.
Assisting in preparation of technical and commercial value propositions.
Identify, escalate and pursue opportunities for further work while on an engagement, demonstrating learning from previous engagements.
Supervise staff level engagement teams. Direct and review the work product of Associates and provide direction and training as necessary.
Conduct trainings and capacity development for junior team members and raise training needs to Managers/Directors where needed
Risk management – Ensure full compliance with KPMG’s quality, risk and management requirements.
Any other tasks that will be assigned to you.
Academic/Professional qualifications and Experience:
Bachelor's degree in business, engineering, economics, IT or related relevant degree course.
A minimum of four to six years of relevant work experience in cybersecurity
Professional qualification in OSCP, OSCE, OCWE, GIAC, CompTIA Security+, CISA, CISM, CEH, or CRTP certification.
Deep Networking Expertise
Understanding of TCP/IP, UDP, DNS, ARP, and other networking protocols, and knowledge of subnetting, firewalls, and network security concepts.
Comprehensive understanding of advanced networking concepts, such as VLANs, network segmentation, and secure protocols.
Proficiency in analyzing and exploiting network protocols such as SMB and LDAP.
Familiarity with Windows and Linux, including command-line tools and system configurations.
Knowledge of common vulnerabilities and exposure standards (e.g., OWASP Top 10, CVE) and ability to use vulnerability scanning tools like Nessus, OpenVAS etc.
Hands-on experience with tools like Metasploit, Burp Suite, Wireshark, Nmap, and Kali Linux with understanding of password-cracking tools (e.g., John the Ripper, Hashcat)
Cloud Security Knowledge – Expertise in testing cloud infrastructures (e.g., AWS, Azure, GCP) for misconfigurations, improper IAM policies, and privilege escalation paths.
Experience in cloud security assessments including penetration testing.
Web Application Security Assessment – Familiarity with common web vulnerabilities such as SQL injection, cross-site scripting (XSS), and file inclusion vulnerabilities.
Proficiency in testing APIs, mobile applications, and containerized environments like Docker and Kubernetes.
Familiarity with post-exploitation activities, persistence techniques, and methods to evade detection by security solutions.
Experience in conducting Red Team assessments.
Ability to document findings clearly and concisely, including technical details and remediation recommendations
Personal attributes:
Good communication (written and verbal), numeracy, presentation and analytical skills.
IT proficiency, especially Microsoft Office
Strong analytical skills and attention to detail.
High level of integrity and professionalism.
Self-starter and able to work independently including across multiple priorities and complex matrixed roles and responsibilities.
Confident, tactful and able to effectively influence others and deal effectively with senior leaders.
Team player with leadership & team management capability
Excellent coordination and planning skills
Multicultural skills to operate across diverse African jurisdictions.
Resilience, tenacity, and the ability to handle difficult client conversations.
Comfort with multitasking, flexibility, open-mindedness, and the ability to make quick decisions.
We offer:
An exciting opportunity to work with a Big 4 firm on cutting edge clients across Africa.
Continuous learning and development.
Exposure to multi-disciplinary client service teams.
Unrivalled space to grow and be innovative.
Opportunity for international travel