Job description
Roles and Responsibilities
The Role
Do you want to "hack the gibson?" Do you enjoy playing a "nice game of chess"? If we said "hack the planet" would you be able to tell us the film? At KPMG we are looking for a Senior Manager who lives and breathes hacking and information security. You will have earned your stripes doing CHECK work in data centres and be ready to, or already skilled in leading teams of talented testers.
In return we will provide some of the UK's most unique government and commercial engagements for you to cut your teeth on and a friendly, passionate team to develop and grow.
The KPMG's Cyber Defence (CDS) Team conducts client facing technical assurance and penetration testing and has a long and successful history in KPMG. Our clients are diverse and we cover many sectors with particular specialisms in Financial Services, High-end Defence Assurance and Telecommunications. We work closely with the NCSC developing new schemes such as Cross Domain Solutions Testing ( and are members of all current NCSC and CREST testing schemes - as a result we conduct interesting and challenging work that isn't on offer elsewhere.
Our team is made up of skilled individuals at different stages in their careers, centred around three locations in Leeds, Bristol and London, therefore we are able to offer flexibility in base location, as well as embracing remote working and team management.
Responsibilities
As this is a senior role, we want your business brain as well as your technical hacking skills. You will have ideas of how to drive the business forward, and be skilled in the commercial aspects of security testing, above all you will know what clients are looking for when they buy security testing and how to deliver it.
Aspects of the role include:
1. Management and delivery of penetration testing services to clients to include the following:
2. Scoping
3. Financial and risk management
4. Delivery of testing and the oversight of testers
5. Review of deliverables (QA)
6. Coaching and developing team members through sharing of experience and knowledge.
7. Performance management of junior staff.
8. Continuous development of self and team, including managing client feedback.
9. Monitoring quality of service and products to clients and carrying out improvement or development as necessary.
10. Actively identifying and progressing business development opportunities, as well as managing sales activities such as proposal writing and assisting with client presentations and debriefs.
11. Developing constructive client relationships, both inside and outside of KPMG.
12. Developing an understanding of KPMG's broader offerings to enable identification of business opportunities
Experience and Background
Required
13. Passion for Hacking!
14. Clear and demonstrable understanding of red-teaming/penetration testing, including NCSC and CREST accredited schemes such as xBEST, STAR/STAR-FS, CHECK.
15. Proven experience of successfully managing and delivering testing engagements on time and to budget.
16. Proven experience working within the UK cyber security industry
17. Demonstrable understanding and practical application of information security principles
18. Strong technical background in computing, networks, and programming.
19. Proven experience of producing high quality deliverables working alone and as part of a team.
20. Excellent communication skills (written and verbal)
21. Experience leading, coaching and mentoring highly technical teams
22. A genuine interest and desire to work with large multi-national clients in the information security field.
Advantageous:
23. CCT-App or CSTL-App.
24. Knowledge of NCSC CTAS and CPA Assurance Schemes
25. Knowledge of working in secure environments (List X facilities) and accredited labs (ISO17025)
26. Research and Development experience
27. Threat Intelligence experience
28. Standing and positive reputation in the information security community is seen as a plus.
Qualifications and Skills
Qualifications are a good way to demonstrate knowledge but are not the be all and end all, our team is made up of a large number of individuals with diverse backgrounds who all share the "hacker mindset".
If you have the experience then we want you to apply. Didn't do a degree in information security? A-Levels weren't as good as you hoped. Haven't attended every SANS course going, we don't mind!
For this role we only have two formal requirements.
29. CREST CCSAS qualification or be working towards CCSAS and ready to sit in the near future.
30. UK Government Security Clearance - the ability to apply for and hold SC is required, DV is advantageous.
Above all, KPMG is looking for someone who is passionate about helping our clients (including the UK Government) with their cyber security challenges. In return, we are committed to helping you enjoy the role and develop your skills and career within the KPMG network.