KPMG China operates in 19 cities across China, with around 12,000 partners and staff in Beijing, Beijing Zhongguancun, Changsha, Chengdu, Chongqing, Foshan, Fuzhou, Guangzhou, Hangzhou, Nanjing, Qingdao, Shanghai, Shenyang, Shenzhen, Tianjin, Wuhan, Xiamen, Xi'an, Hong Kong SAR and Macau SAR.

KPMG is a global network of professional services firms providing Audit, Tax and Advisory services. We operate in 154 countries and territories, and have 200,000 people working in member firms around the world.

Senior Consultant, Cyber Security (Attack & Pen Tester/Ethical Hacker)

Job level: Middle
Work exp: Minimum 3 Years
Education: Bachelor Degree
Within Hong Kong
Employment type: Full Time
Industry: Accounting / Audit / Taxation
Job function: Accounting > Management Consulting; Information Technology > Security / Audit; Information Technology > Others
Published On: 21/12/2018
ref. 127940BR

At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.

We are seeking a Cybersecurity Attack & Penetration Tester / Ethical Hacker specialist to join our IT Advisory practice. This role focuses on various technical areas such as vulnerability assessment, application and network penetration testing, wireless security, mobile security, website & app security, and system security testing. This role also simulates real-time cyber-attacks using red team / blue team techniques.

Cyber team members regularly interact with C-Suite clients, such as Chief Executive Officer (CEO), Chief Information Security Officer (CISO), Chief Information Officer (CIO), Chief Operating Officer (COO), Chief Risk Officer (CRO) and their direct reports. Hence, a client centric mind-set, understanding of IT within a Business context, and well-developed communication skills are desirable.


- Perform application (web and mobile) and infrastructure vulnerability assessment and penetration tests on different platforms and technologies
- Conduct source code review to identify software program vulnerabilities and detect malware or malicious embedded code
- Conduct social engineering and email phishing attacks to simulate the theft of passwords, infiltrate systems, and download malware / ransomware
- Simulate real-time cyber-attacks using red team / blue team exercises
- Review and analyse security vulnerabilities to identify false positives
- Conduct server/network/middleware security configuration assessments
- Prepare reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities.
- Assist in continuously enhancing the existing penetration testing methodologies
- Develop marketing and training materials to help develop staff awareness within the company and communicate KPMG’s capabilities to clients
- Remain up-to-date on the latest cybersecurity threats, vulnerabilities and regulatory requirements
- Build and maintain relationships with existing and prospective clients, and develop / improve your network of business contacts
- Assist with scoping prospective engagements and developing proposals

Qualifications and Skills

- Professionally qualified preferred (e.g. OSCP/CREST and/or GIAC - GXPN, GPEN, GWAPT, etc. or other relevant qualifications)
- Able to work on various platforms and operating systems (e.g. Windows, Linux, Kali) is preferred
- Experience with at least one scripting language (e.g. Bash, PowerShell, Python) is preferred
- Able to understand basic networking concepts (e.g. routing, ACL, load balancers, SSL/TLS, TCP) is preferred
- Understand the OWASP testing methodology and have knowledge of penetration testing tools
- Strong knowledge base in enterprise technologies and operations, enterprise networking, internet application security, database security evaluation and architecture, with self-motivated learning ability
- Be able to work as part of a team while also being an independent self-starter
- Have strong analytical, problem solving and inter-personal skills
- Commands excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences
- A recognised Degree in Computer Science, Information Technology, Engineering (Computer / Electronics), or a related discipline is preferred
- Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
- Strong interpersonal skills with a demonstrated ability to gain the confidence and respect of senior level executives
- Strong client services orientation and accustomed to taking an active role in executing client engagements
- Strong analytical skills and the ability to develop thought leadership publications


- Have prior experience in conducting vulnerability assessments and penetration tests
- Minimum 3 years of relevant experience for Senior Consultant. Candidates with less experience (fresh graduates to 2 years of relevant experience) will be considered for Consultant
- Knowledge of IT security vendor products is an advantage
- Experience in financial services is preferred

We offer successful candidates an attractive remuneration package and the opportunity to work in a dynamic and exciting environment.

Personal data collected will be used for recruitment purposes only.

© 2018 KPMG, a Hong Kong partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.