Cyber Defence Graduate Associate

Cyber Defence Graduate Associate at KPMG Singapore

KPMG in Singapore is part of a global organization of independent professional services firms providing Audit, Tax and Advisory services. Operating in 138 countries and territories with over 276,000 partners and employees, each KPMG firm is a legally distinct entity.

At KPMG, your long-term future is paramount. We aim to provide experiences that will stay with you for a lifetime, including great training, development across functional sectors, mobility opportunities, and corporate responsibility activities. Our culture values hard work, encourages new thinking, and embraces diversity and inclusion, driven by an innovative spirit to continuously improve.

Technology is a foundational element for many of the world's most influential organizations, presenting significant opportunities for businesses seeking new markets and investing in transformational change. The rapid emergence of new technologies, increased connectivity, and a 24/7 global commerce environment have left some organizations exposed to risks, hindering their business aspirations.

We believe that by challenging traditional thinking and adopting a proactive approach to risk management, organizations can be empowered to achieve their goals. KPMG Cybersecurity professionals assist clients in addressing concerns related to the Confidentiality, Integrity, Availability, and Privacy of their technology, business systems, and information assets. Our Cyber team takes a holistic view of technology and business integration to perform technology-risk focused assessments, ensure technology compliance, conduct IT/operational process reviews, and design robust information risk & cyber security solutions.

We are actively seeking candidates to join our expanding team to support clients in the following domain:

KPMG Cyber Defence

Our Cyber Defence team delivers comprehensive security solutions including vulnerability assessments, application and network penetration testing, wireless and mobile security, cloud security evaluations, and system security testing. Our core mission is to pinpoint blind spots in existing defenses and provide in-depth assessments of previously overlooked weaknesses. We specialize in red teaming to simulate real-world attacks and purple teaming to foster enhanced collaboration between offensive and defensive security teams.

Your Role as an Ethical Hacker/Penetration Tester

As a Cyber Defence Graduate Associate, you will leverage the latest techniques and tools to proactively test and challenge cyber security defenses for our clients. You will be at the forefront of simulating advanced threat scenarios through red and purple teaming exercises, helping clients redesign their defenses to be more resilient against actual cyber-attacks.

Key Responsibilities:

• Conduct comprehensive vulnerability assessments and penetration tests across diverse platforms, including web and mobile applications, networks, wireless systems, and cloud environments.
• Engage in purple and red teaming exercises to rigorously test client defenses and provide actionable insights into security posture enhancements.
• Develop detailed technical reports outlining findings, vulnerabilities, and recommended mitigations.
• Present findings and technical recommendations to senior management and clients in a clear and concise manner.
• Continually research and stay up to date with the latest cybersecurity trends, tools, and techniques.

What We're Looking For:

• Degree in Cybersecurity / Information Security; OR a Degree in Engineering or Computer Science / IT with relevant skills, experience, or aptitude for further development in cybersecurity.
• Familiarity with multiple operating systems, including Windows, Linux, and macOS, and their related security mechanisms.
• Familiarity with scripting and programming languages such as Python, JavaScript, Bash, or PowerShell.
• Understanding of web protocols such as HTTP, HTTPS, and SSL/TLS, and how to secure web applications.
• Knowledge of common vulnerabilities and exploitation techniques, such as those listed in the OWASP Top Ten.
• Exposure to cloud computing environments like AWS, Azure, or Google Cloud, and a basic understanding of cloud security best practices.
• Basic proficiency in penetration testing tools such as Nmap, Metasploit, Burp Suite, Wireshark, and familiarity with Kali Linux.
• Understanding of large language models (LLMs) and their applications in cybersecurity.
• Certifications such as Offensive Security Certified Professional (OSCP), CREST Registered Penetration Tester (CRT), Certified Penetration Testing Specialist (CPTS), and Certified Bug Bounty Hunter (CBBH) / Certified Web Exploitation Specialist (CWES) are highly desirable. Candidates currently planning to pursue these certifications are encouraged to apply.
• Strong analytical and problem-solving abilities.
• Excellent communication skills with the capability to relay complex technical information clearly.
• Eagerness to learn and adapt to new technologies and methodologies.
• A proactive approach to identifying and addressing security challenges.
• Keen interest in staying up-to-date on the latest cybersecurity trends and emerging threats.

Key skills/competency

• Vulnerability Assessment
• Penetration Testing
• Ethical Hacking
• Red Teaming
• Purple Teaming
• Cloud Security
• OWASP Top Ten
• Scripting (Python, Bash)
• Network Security
• Security Consulting