Application Security and Red Teaming Analyst

Analyst- Appsec / Red Teaming

Description

About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. 

KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

Responsibilities

Vulnerability Assessment & Penetration Testing (VAPT)

• Perform vulnerability assessments and penetration testing on applications, networks, systems, and APIs
• Conduct manual and automated testing (web, network, cloud, and infrastructure)
• Identify, validate, and exploit security vulnerabilities and misconfigurations
• Prepare detailed VAPT reports including risk ratings, impact analysis, and remediation guidance
• Re-test vulnerabilities to validate fixes
• Align testing activities with OWASP Top 10, SANS Top 25, and industry best practices

Incident Response (IR)

• Monitor, analyze, and respond to security incidents including malware, phishing, ransomware, and unauthorized access
• Perform incident triage, containment, eradication, and recovery
• Analyze logs, alerts, and security events from SIEM and EDR tools
• Support root cause analysis and post-incident reporting
• Assist in improving incident response playbooks and processes
• Coordinate with SOC, IT, and other stakeholders during incident handling

Qualifications

• • 2+ years of experience in VAPT and/or Incident Response
  • Strong understanding of:
    • Web application security, network security, and system security
    • Cyber attack lifecycle and threat vectors
  • Experience with VAPT tools such as:
    • Burp Suite, Nessus, Qualys, Nmap, Metasploit, Nikto
  • Experience with IR tools such as:
    • SIEM (Splunk, QRadar, Sentinel)
    • EDR/XDR (CrowdStrike, Defender, SentinelOne)
  • Knowledge of:
    • OWASP Top 10, MITRE ATT&CK
    • Windows, Linux, and networking concepts
  • Basic scripting skills (Python, Bash, PowerShell) preferred
  • Strong documentation and reporting skills

Equal employment opportunity information 

KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you