KGS -DN-IT Assistant Manager - Cyber Assessment
Bengaluru, Karnataka, India
KPMG India
KPMG is a global network of professional firms providing Audit, Tax and Advisory services.
- Apply a thorough understanding of information security to perform information security risk assessments of technology-enabled projects against industry-standard or firm-specific control frameworks. Activities may include a variety of techniques, including onboarding development teams to SAST/DAST/IAST scanning toolsets via secure CI/CD pipelines, performing analysis of scan results, providing guidance to developers on recommended controls and countermeasures, and facilitation of security testing and management of residual risk. Assessment methodologies may include a combination of active and passive testing approaches, including static code analysis, vulnerability scanning of open-source software (OSS) libraries, and automated DAST scanning.
- Advise and guide development and project teams regarding compensating control alternatives where security requirements cannot be met.
- Act as the primary point of contact between IT development, project, and cyber security teams to help ensure that appropriate security remediation measures are implemented prior to deployment of application source code, and that security-related project objectives and timelines are met. Review evidence provided to close corrective action plans, ensuring that it meets the control objectives.
- Evaluate vulnerabilities/findings within software security scanning tools, recommending and assisting development teams with steps to remediate source code, web server configurations, and open-source software (OSS) libraries while meeting OWASP, SANS, and firm security requirements.
- Perform assessment tests and provide information and recommendations; assessment techniques may include control and evidence review, penetration testing, or scanning platforms. Stay abreast of the latest security assessment trends, security threat landscape, tools, and techniques. Collect evidence as needed to support security reviews and ensure evidence is properly maintained.
- Function as a subject matter expert in several IT security domains including but not limited to software development security, security assessment and testing, security and risk management, access control, cryptography, and monitoring.
- May oversee work product(s) and lead entire small projects, managing deadlines, expectations, and often contributing to staffing decisions and supervising the work performed by more junior staff; provide coaching, mentoring and feedback to such individuals.
- Solid foundation of software development security and DevSecOps security concepts, and hands-on experience in SCA, SAST, and DAST security scanning and remediation; deep knowledge of web applications, web servers, and APIs; solid understanding of software security and the OWASP Top 10 and SANS 25.
- Experience working with scanning tools such as Fortify SCA, Fortify SSC, WebInspect, Mend, GitHub Enterprise, Azure DevOps, GHAS/GHAzDO, Defender for DevOps, and secure CI/CD pipelines, as well as knowledge of common and emerging security risks.
- SANS GWEB, CDP, or DevSecOps Foundation preferred but not required; other certifications such as CISSP, CISA, and CEH are a plus but not required.
- Familiarity with NIST 800-53, NIST 800-171, NIST 800-66, CMMC, NIST Framework, ISO, HITRUST, PCI, and/or other relevant control frameworks.
- Demonstrated experience and understanding of security principles, IT security controls, and related technologies and products.
- Strong verbal/written communication, problem-solving, analytical and independent-judgment skills to support an environment driven by customer service and teamwork. Ability to positively influence, mentor and be a credible source of knowledge to less experienced team members.