| Company | KPMG India |
| Job Title | Consultant – VAPT / Application Security / Red Teaming |
| Job ID | INTG10039772 |
| Department | Cyber Security – VAPT / Application Security |
| Job Type | Full-Time |
| Primary Job Location | Bengaluru |
| Office Location Mentioned | Kochi – Nippon Q1, Level-5 |
| Experience Required | 6+ Years in VAPT, Application Security, or Security Research |
| Minimum Qualification | Not specified (Bachelor’s degree in Computer Science, Information Security, IT, or related field is generally preferred) |
| Job Purpose | Perform Vulnerability Assessment & Penetration Testing (VAPT), Application Security Testing, Red Teaming, Source Code Review, Security Research, and Security Automation to identify and remediate vulnerabilities across enterprise applications and infrastructure. |
| Key Responsibilities | • Perform VAPT for Web, Mobile, APIs, Network, Cloud, and Infrastructure.• Identify, exploit, validate, and document security vulnerabilities.• Conduct secure source code reviews.• Develop Proof-of-Concept (PoC) exploits.• Prepare detailed technical reports with risk ratings and remediation recommendations.• Work with Product, Development, Infrastructure, and Security teams to resolve findings.• Research emerging threats, exploits, vulnerabilities, and security tools.• Participate in Red Team / Blue Team exercises.• Align testing with OWASP, MITRE ATT&CK, SANS, NIST, and ISO 27001 standards.• Automate security testing using scripts and tools.• Support compliance audits and security certifications. |
| Technical Skills | VAPT, Application Security, Red Teaming, Web Security, Mobile Security, API Security, Network Security, Cloud Security, Infrastructure Security, Source Code Review, Security Research, Secure Coding, Technical Reporting |
| Security Frameworks | OWASP Top 10, MITRE ATT&CK, SANS, NIST, ISO 27001 |
| Security Tools | Burp Suite, Metasploit, Nmap, Nessus, Wireshark, Kali Linux, Nikto, Fortify, OWASP ZAP, MobSF |
| Programming / Scripting | Python, Bash, PowerShell (or similar scripting languages) |
| Cloud Knowledge | AWS, Microsoft Azure, Google Cloud Platform (GCP) – Preferred |
| Core Competencies | Manual Penetration Testing, Exploit Development, Vulnerability Validation, Analytical Thinking, Problem Solving, Security Automation, Cross-functional Collaboration |
| Posting Date | 02 July 2026 |
| Career Level | Consultant (Mid–Senior Level Cyber Security Professional) |