KPMG India Logo

KPMG India

Associate Consultant - VAPT / Red Teaming

Posted 2 Days Ago
Be an Early Applicant
In-Office
Mumbai, Maharashtra, IND
Mid level
In-Office
Mumbai, Maharashtra, IND
Mid level
Perform VAPT across web, mobile, API, network, cloud and infrastructure; identify and exploit vulnerabilities; conduct source code reviews; develop PoC exploits; produce technical reports with remediation; collaborate with development and infra teams; automate tests; research attack trends; participate in red/blue team exercises and support compliance.
The summary above was generated by AI

About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. 

KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

Responsibilities
  • Perform Vulnerability Assessment and Penetration Testing (VAPT) for web, mobile, API, network, cloud, and infrastructure components.

  • Identify, exploit, and document security vulnerabilities using manual and automated techniques.

  • Conduct source code reviews to detect security flaws.

  • Develop proof-of-concept (PoC) exploits for validated vulnerabilities.

  • Prepare detailed technical reports, including findings, severity ratings, and remediation recommendations.

  • Work closely with product, development, and infrastructure teams to help fix security gaps.

  • Research the latest vulnerabilities, exploits, attack trends, and security tools.

  • Participate in red team / blue team exercises when required.

  • Ensure VAPT activities are aligned with security standards (OWASP, SANS, NIST, ISO 27001, etc.).

  • Automate repetitive security testing tasks using scripts or tools.

  • Support compliance audits and security certifications.

Qualifications
  • 3+ years of hands-on experience in VAPT or Security Research.

  • Strong understanding of:

    • OWASP Top 10

    • MITRE ATT&CK

    • Web and mobile security concepts

    • Network security protocols

  • Hands-on experience with tools such as:
    Burp Suite, Metasploit, Nmap, Nessus, Wireshark, Kali Linux, Nikto, Fortify, ZAP, MobSF, etc.

  • Ability to perform manual testing and identify vulnerabilities beyond automated scanner capabilities.

  • Strong analytical and problem-solving skills.

  • Experience in writing exploit scripts (Python, Bash, PowerShell, or similar).

  • Understanding of cloud platforms (AWS, Azure, GCP) is a plus.

  • Knowledge of secure coding practices.

 

Equal employment opportunity information 


KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

 

Similar Jobs

4 Hours Ago
Remote or Hybrid
India
Mid level
Mid level
Cloud • Computer Vision • Information Technology • Sales • Security • Cybersecurity
The Workflow Automation Engineer will design and implement automated workflows using N8N, Tray.ai, and AI technologies, collaborating with teams to enhance operational efficiency and deliver scalable solutions.
Top Skills: Ci/CdCoupaDevOpsGemini EnterpriseJSONMcpN8NNetSuitePythonRest ApisSalesforceSAPSnowflakeSQLTray.AiWorkdayXML
4 Hours Ago
Hybrid
Senior level
Senior level
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
Senior Software Engineer will develop settlement software solutions, participate in agile methodologies, and contribute to evolving technology to SOA architecture.
Top Skills: JavaSoaWeb Service Design
4 Hours Ago
Easy Apply
Hybrid
Easy Apply
Senior level
Senior level
Artificial Intelligence • Cloud • Information Technology • Machine Learning • Software
Lead customer onboarding and optimization of LogicMonitor's IPM platform, proactively monitor and triage digital performance issues across CDNs, DNS, application delivery and browsers, configure synthetic tests, present findings and recommendations, collaborate cross-functionally, and mentor team members to improve customer outcomes and delivery.
Top Skills: Browser DevtoolsCdnsCloud InfrastructureCore Web VitalsCSSDigital Experience MonitoringDnsHTMLHttp/SJavaScriptLoad BalancersLogicmonitor IpmNetworking FundamentalsServersSynthetic MonitoringTlsWaterfall AnalysisWeb Performance Monitoring

What you need to know about the Mumbai Tech Scene

From haggling for the best price at Chor Bazaar to the bustle of Crawford Market, the energy of Mumbai's traditional markets is a key part of the city's charm. And while these markets will always have their place, the city also boasts a thriving e-commerce scene, ranking among the largest in the region. Driven by online sales in everything from snacks to licensed sports merchandise to children's apparel, the local industry is worth billions, with companies actively recruiting to meet the demands of continued growth.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account