Security Architect, South Africa, KPMG South Africa

Job Description

About the job
Description Of The Role And Purpose Of The Job

KPMG is currently seeking Network Security Architects to join our Cyber Security consulting and technology assurance practice. Cyber Security is a part of wider Technology Assurance practice.

The KPMG Cyber Security practice is one of our fastest growing practices. We are seeing tremendous client demand, and looking forward we don't anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture.

At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility and leading market tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Cyber Security Advisory.

Key Responsibilities

Working with KPMG you will consult on client projects, translating business and customer needs into innovative business and technology solutions. You will identify changes and recommend solutions that will typically involve a combination of Network Architecture and security excellence outcomes. You will be exposed to a range of exciting projects across industry sectors and service lines including:

Acting as a subject matter in the business for security architecture and wider technology advisory.
Create reference architecture covering network segmentations, software defined perimeter, certificate management, identity, and access management, managing privilege accesses, application integration. Knowledge of at least one or more of such concepts is desirable.
Facilitate information gathering, requirements analysis and design activities that support actionable roadmaps and strategies aligned to global standards such as NIST, ISO, TOGAF etc
Advise clients in creating future architecture and improving current state security architecture
Assist in engagements relating to zero trust transformations across domains
Develops overall architecture for network segmentation endpoint tooling, network security products and related endpoint-based controls for cloud and network operations.
Driving standardization and automation into all aspects of the network platform.
Prepare and maintain technical design documentation, diagrams and task-level project plans.
Translating business requirements into technical objectives for development teams
Take responsibility for delivering high quality deliverables and outcomes for our clients.
Writing reports based on our internal guidelines and quality standards

Qualifications

A minimum of 3 - 5 years of industry experience in development, support, configuration, deployment of security architecture.
Exposure of zero trust and related business architectures
CCNP & CCDP or higher certifications strongly preferred but not mandatory
3-5 years of experience designing service provider network infrastructures, at scale, e.g., ZTN, MPLS/BGP, routing, switching, SDN/NFV, EVPN, VXLAN.
Knowledge of IT networks, Zero Trust Architecture concepts and related identity management concepts such as PIM, PAM, IGA etc
Experience in network automation & REST API programming is advantageous.
A high level of learning agility to keep up with ever-changing business needs architecture changes, vendor/supplier offerings and service changes.
Ability and willingness to work in a multicultural virtual and remote team.
Excellent verbal/written communication skills, with ability to effectively interact with individuals at all levels of responsibility and authority;
Must be able to prioritize, delegate and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork;
Strong trouble-shooting and organizational skills and able to work on multiple projects simultaneously;
Team player with ambitions for leadership roles

Quick response

Required Knowledge

K0001 Knowledge of computer networking concepts and protocols, and network security methodologies.
K0004 Knowledge of cybersecurity and privacy principles.
K0024 Knowledge of database systems.
K0027 Knowledge of organization's enterprise information security architecture.
K0035 Knowledge of installation, integration, and optimization of system components.
K0037 Knowledge of Security Assessment and Authorization process.
K0043 Knowledge of industry-standard and organizationally accepted analysis principles and methods.
K0056 Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
K0061 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
K0075 Knowledge of security system design tools, methods, and techniques.
K0102 Knowledge of the systems engineering process.
K0170 Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
K0179 Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
K0180 Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
K0291 Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.)
K0332 Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
K0333 Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
K0487 Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
K0516 Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
K0007 Knowledge of authentication, authorization, and access control methods.
K0010 Knowledge of communication methods, principles, and concepts that support the network infrastructure.
K0374 WITHDRAWN: Knowledge of basic structure, architecture, and design of modern digital and telephony networks. (See K0599)
K0565 Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Required Skills

S0122 Skill in the use of design methods.
S0374 Skill to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
S0059 Skill in using Virtual Private Network (VPN) devices and encryption.
S0138 Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).

Required Abilities

A0008 Ability to apply the methods, standards, and approaches for describing, analyzing, and documenting an organization's enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DoDAF], Federal Enterprise Architecture Framework [FEAF]).
A0027 Ability to apply an organization's goals and objectives to develop and maintain architecture.
A0038 Ability to optimize systems to meet enterprise performance requirements.
A0051 Ability to execute technology integration processes.
A0060 Ability to build architectures and frameworks.
A0048 Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).