Security Technical Assessment Consultant Birmingham, England
Job description
Job details
Location: Aberdeen, Birmingham, Bristol, Cambridge, Cardiff, Edinburgh, Gatwick, Glasgow, Leeds, Leeds Broadgate, Liverpool, London, Manchester, Milton Keynes, Newcastle upon Tyne, Norwich, Nottingham, Plymouth, Reading, Sheffield, South Coast - Southampton, Watford
Capability: Technology & Engineering
Experience Level: Associate/Assistant Manager
Type: Full Time
Service Line: EWT Security Ops
Contract type: Permanent
Job description
This role is in the Security Advisory and Assessment (SAA) team, within the KPMG UK Information Security function. The SAA team are critical in the assessment, development and delivery of innovative, technology-enabled secure solutions for KPMG and our clients. The SAA team is vital to KPMG’s ability to demonstrate that we are delivering ‘secure by design’ solutions such that our business stakeholders, our clients and our regulators trust KPMG.
The Role
The role involves supporting the end to end Security Technical Assessment service. The security Technical Assessments service helps defend KPMG and its clients by ensuring Security Technical assessments of KPMG information assets are performed and pro-actively driving findings and remediations in conjunction with Enterprise wide and Technology engineering teams, in alignment with KPMG risk objectives.
The Security Technical Assessment Analyst will:
- Work collaboratively with internal stakeholders and external 3rd parties to
- perform security technical configuration reviews,
- review and approve change requests from a security perspective,
- perform security technical assessments,
- support the delivery of security testing across the software development lifecycle on technology solutions & services,
- support the completion of Red Team exercises,
- proactively manage the end to end penetration testing process for technology solutions,
- review any technical security exception requests, providing recommendations and documenting findings and actions and
- provide risk-based pragmatic technical security advice and recommendations;
- Maintain good relationships with internal stakeholders and ensure customer satisfaction, by delivering quality service and escalation of issues as necessary;
- Influence colleagues to drive technical remediation in a collaborative manner in line with KPMG risk appetite;
- Identify and drive security technical assessments service improvements, especially using automation.
- Provide advice to security technical assessments service owner on ways to improve control mechanisms, identify, evaluate, and mitigate risks,
- Attend and support internal and external audits from a security technical assessments service perspective;
- Support investigations and resolutions of security problems to find a root cause and find a balanced outcome;
- Provide analysis on trends and proactively highlight issues and areas of concern;
- Create any required documentation to support the security technical assessment conducted;
- Maintain and update service documentation, such as process guides;
- Assist with reporting to leadership and other service stakeholders on service performance (against KPIs) and risk exposure (against KRIs).
- Input to development of security technical assessments standards and security policies;
- Work towards and achieve or extend professional certifications as part of personal development.
The Person
You must have:
- Very good and relevant experience in a similar security technical assessment analyst role;
- Experience and knowledge in security technical assessments of applications and infrastructure within the Cloud, such as AWS and Azure;
- Experience working with external penetration testing vendors;
- Understanding of tooling associated with security technical assessments such as AWS Config, Azure Policy, Application Security Testing;
- Experience of successfully working in a fast paced, customer service environment, delivering high quality information security services;
It would be advantageous if you can demonstrate some, or all of:
- Experience scoping and overseeing Red Team testing;
- Experience working with external third parties;
- Experience and knowledge of Google Cloud Platform;
- Experience and knowledge of container or serverless platforms;
- Any security or vulnerability management product certification.
Why Technology & Engineering at KPMG?
Technology is at the heart of what we do and part of the very DNA of our business. That’s why we’ve invested in a single powerful team of connected technologists. 1,500 specialists, creating a step change in the way we work. Broader, deeper expertise, which is delivered to our clients faster than ever. Our connected solutions stretch across a range of specialisms too. From technology transformation, cyber and risk management through to security operations, data and analytics, automation, powered apps and Cloud. This is an opportunity to join a team that combines the entrepreneurial spirit and imagination of a start-up with the resources only a global network can provide. We’re committed to simplified structures and are investing in workplace tools that enable us to collaborate and innovate whether you’re working at home, in our office or at client sites.
Read about Technology & Engineering
