Cyber Defense Supervisor
  • South Africa Johannesburg
  • KPMG South Africa
1 year before
31.12.2023
Protect and Defend
Cyber Defense Analysis
Job Description

About the job
Job Title/position

Supervisor – Cyber Defense (Technical)

Number Of Positions

Johannesburg: 1

Function And Business Unit

Advisory – Risk Consulting: Technology Assurance (Cyber Security)

Description Of The Role And Purpose Of The Job

KPMG is currently seeking a supervisor to join our Cyber Security consulting and assurance practice. Cyber Security is part of the wider Technology Assurance unit.

The KPMG Cyber Security practice is one of our fastest growing practices. We are seeing tremendous client demand, and looking forward we don't anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility and market leading tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Technology Assurance.

You Will Be Exposed To a Range Of Exciting Projects Across Industry Sectors And Service Lines Including

Working with KPMG you will consult on client projects, translating business and customer needs into innovative business and technology solutions. You will identify changes and recommend solutions that will typically involve a combination of cyber strategy and security excellence outcomes.

  • Driving the linkage between business strategy and cyber security (and vice versa), to deliver meaningful outcomes
  • Defining the technology strategy to create new streams of value in a business, and defining associated technology execution roadmaps
  • Designing innovative technology solutions for improving cyber security posture and advising on reducing cyber risk
  • Identifying and assisting clients in meeting compliance requirements for and through cyber security
  • Assisting in program management or assurance for shaping and defining security programs, and embedding cyber security in wider digital or business programs
  • Working closely with the local team and member firms to bring innovation to our existing capabilities to help KPMG remain at the forefront of strategy, operational excellence and technology practices and thinking

As part of the role you will be expected to have detailed knowledge of security technologies and their application to addressing business challenges. The focus will be on delivering high quality engagement outcomes for our clients and maintaining productive client relationships that allow you to build strong professional networks over time.

We believe in diversity of thought, background and unique experience. You need to have a solid background in technology as well as consulting. You're passionate about technology and innovation, finding novel approaches to solve problems. You thrive in a collaborative and innovative culture and want to join a firm that values problem solvers, the kind of people who reimagine the possible for their clients and key stakeholders.

We are looking for people in this role with a passion for and / or experience in the following areas:

  • Experienced in cyber security strategy, planning and implementation
  • Strong IT and cyber security technology acumen
  • Thorough knowledge of standards such as NIST, ISO 27001 and other applicable industry requirements
  • Experience in automation of compliance and assurance is desirable
  • Knowledge of application and security architecture on conventional on-premise and cloud stacks (IaaS, PaaS, SaaS)
  • Abreast of major technology trends, innovations and their practical (or potential) application
  • Approaches to technology governance and innovative ways of working
  • Excellent documentation and report writing skills

Key Responsibilities

  • Play a key role as subject matter expert in the business for specific technology domains.
  • Perform vulnerability assessments of web applications, APIs, networks, mobile applications, desktop, and cloud infrastructure based on leading security frameworks such as OWASP and CREST.
  • Perform penetration testing, including infrastructure, wireless and applications. This includes related activities such as Malware Analysis, Social Engineering, Reverse Engineering, Database Security, Network Security and Threat Modelling.
  • Perform security architecture assessments and configuration reviews on on-premise and cloud environments.
  • Provide guidance on security architecture, assisting clients with reducing their attack surface and optimizing their cyber defensive capabilities to adapt to modern threats.
  • Take responsibility for delivering high quality deliverables and outcomes for our clients. Ability to work well both as an individual and in a broader team environment, in line with our KPMG values.
  • Analyse, workshop and present insights and recommendations enabled by strategic thinking, technical knowledge and strong and clear communication skills.
  • Demonstrate an ability to translate complex technical results into business language through professional report writing.
  • Knowledge of current and emerging IT security technologies.
  • Maintain awareness of latest and common security threats, attack vectors and TTPs.
  • Ability to diagnose and troubleshoot deep technical issues.
  • Guide and coach junior team members in line with growth ambitions and required quality standards.

Skills And Attributes Required For The Role

  • Demonstrate a strong grasp of business processes and risk management in areas such as cyber security, cloud computing, identity management, security compliances, technology risk management, and others
  • Knowledge of enterprise IT environments, cloud platforms and governance processes. The candidate must be proficient with technology platforms and communicate this information to the engagement team and client management through written correspondence and verbal presentations.
  • Plan and execute client engagements focusing on assessment, review, design and/or implementation of security strategy; identify improvement opportunities in the areas of process efficiency and security including role-based security and identity and access management based on KPMG's methodology
  • Identify and evaluate complex business and technology risks and remediation methods to mitigate risks
  • Contribute to practice growth by leading solution design and innovation related to cloud security platforms

Minimum requirements to apply for the role (including qualifications and experience):

  • A minimum of 3-5 years of hands-on experience in Cyber/Information Security or in a technology related field.
  • Bachelor's degree from an accredited college/university or equivalent experience.
  • Security related certifications such as CEH or CompTIA PenTest+. Ideally, candidate will be working towards an advanced security certification (for example OSCP).
  • Demonstrable track record in security research / training. Presence on GitHub, HackTheBox, TryHackMe, etc. will be advantageous.
  • Excellent written and verbal communication, facilitation, and presentation skills
  • Ability to travel, subject to regulations
  • Consulting experience from a well-established consulting practice preferred


Required Knowledge
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0024   Knowledge of database systems.
  • K0042   Knowledge of incident response and handling methodologies.
  • K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0049   Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • K0058   Knowledge of network traffic analysis methods.
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0106   Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  • K0112   Knowledge of defense-in-depth principles and network security architecture.
  • K0162   Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • K0177   Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0342   Knowledge of penetration testing principles, tools, and techniques.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).

Required Skills
  • S0063   Skill in collecting data from a variety of cyber defense resources.
  • S0078   Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • S0167   Skill in recognizing vulnerabilities in security systems (e.g., vulnerability and compliance scanning).
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities
  • A0015  Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • A0159  Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).