2 Penetration Testing jobs in Hong Kong

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350) role at KPMG China

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350) role at KPMG China

KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients’ needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you’ll translate insights into action and reveal opportunities for all—our teams, our clients and our world.
Service Line Overview
At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.
KPMG is the firm that views cyber security as a business enabler, and not just an IT issue. From the boardroom to back office, we help clients through Strategy and Governance, Transformation, Cyber Defense and Cyber Response. So that they are prepared for uncertainty and use cyber security to advance the business, not stand in the way.
Our wide range of projects includes Cyber Strategy, Cyber Digital Transformation, Governance & Risk, as well as a strong presence in Penetration Testing or Ethical Hacking. We are keen to speaking with cyber security specialists with various expertise and experiences to join our growth story.
We are now seeking Consultant/ Senior Consultant candidates for Cyber Defense Team.
Key Responsibilities

• Perform vulnerability assessment and penetration tests on different platforms and technologies
• Simulate real-time cyber-attacks using red team / blue team / purple team exercises
• Conduct social engineering and email phishing attacks to simulate the theft of passwords, infiltrate systems, and download malware / ransomware
• Conduct source code review to identify software program vulnerabilities and detect malware or malicious embedded code
• Conduct cloud / server / network / middleware security configuration assessments
• Conduct architecture review for cloud / on-premise IT environments
• Prepare reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities
• Assist in continuously enhancing the existing security assessment methodologies
• Support in developing marketing and training materials to help develop staff awareness within the company and communicate KPMG's capabilities to clients
• Remain up-to-date on the latest cybersecurity threats, vulnerabilities and regulatory requirements
• Develop constructive client relationships, both inside and outside of KPMG
  

• Bachelor’s degree in computer science, InformationTechnology, or related field.
• At least one professionally qualification required: CREST, GXPN, GPEN, GCTI, GWAPT, OSCE3, OSEP, OSWE, OSEP, OSCP, CRTE, eCPTX, CISSP, or other relevant qualifications.
• 2 years of relevant working experience preferred: Red/Blue/Purple Teaming, Web/Mobile/Network/OT/IoT/other Penetration Tests, Vulnerability Assessment, Source Code Review, Appliance/System/Cloud Configuration Review, Malware development, Social Engineering.
• Candidate with less experience will be considered as Consultant.
• Knowledge in threat intelligence, reverse engineering, security products, incident response, SOC operation or other related areas will be an advantage.
• Experience with at least one scripting language (e.g. Bash, PowerShell) or programming language (e.g. Python, C, Java) preferred.
• Able to understand basic networking concepts (e.g. routing, ALC, load balancers, SSL/TLS, TCP) is preferred.
• Understand the industry recognised testing standards and have knowledge of common red teaming tools·
• Knowledge base in enterprise technologies and operations, enterprise networking, internet application security, database security evaluation and architecture, with self-motivated learning ability.
• Be able to conduct research and development and solve technical problems independently.
• Be able to work as part of a team, and at the same time being an independent self-starter·
• Have strong analytical, problem solving and inter-personal skills·
• Commands excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences·
• Possess a recognised Degree in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology or a related discipline (STEM) is preferred·
• Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
  

• Well-structured career development and learning path, 1-to-1 coaching by our cybersecurity professionals
• Access to various cyber security learning resources
• Wide exposure to working with leading financial institutions and corporations
• Continuous sponsorship and support on professional certificate development (i.e. Offensive Security, GIAC, CREST, etc.)
• Opportunities for secondment / exchange within KPMG Global network based on staff performance and preference
• Opportunities to attend KPMG overseas Global Cyber Events – such as HackNet / BlackHat
• One annual professional membership sponsorship on the approved list
• Work in a passionate team with blended cybersecurity talents
  

• Seniority level Entry level

• Employment type Full-time

• Job function Engineering and Information Technology
• Industries Professional Services

Referrals increase your chances of interviewing at KPMG China by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.