Job description
The KPMG Audit Technology team is dedicated to building cutting-edge solutions in close collaboration with the Audit function. We blend audit expertise with the latest technology, enabling us to understand the challenges our customers face daily and develop indispensable products that simplify their lives while promoting Audit Quality.
The KPMG Clara engineering team is dedicated to building cutting-edge Analytics and AI products for our Audit business. We blend audit expertise with the latest cloud technologies to build and run products that simplify the lives of our audit colleagues while promoting Audit Quality.
As a crucial member of the team, you will collaborate with a talented mix of Product Owners/Managers, Solution, Cloud and Enterprise Architects, Experience Designers, Business Analysts, and Testing specialists to build, deliver, and manage a portfolio of truly exciting products.
In recent years, our products' size and scale have rapidly expanded, leading to significant growth in our technology capability. There's never been a better time to join us.
With our ambitious growth plans, your future here is something to get excited about. As a valued team member, you'll be expected to stay current with the tech field and the latest trends in Audit delivery.
Why Join KPMG’s Audit Technology Team?
As a subject matter expert on secure application development within the CI/CD pipeline utilising Azure technologies, this role is to manage the day-to-day operation of the Platform technical security controls and processes within the Audit Data Solutions team. The role will have a dotted line into the Security Architecture & Advisory team to ensure the implementation of security processes aligns KPMG’s security frameworks, policies, standards, whilst collaborating with other security teams in areas such as vulnerability management, and incident management.
In this delivery-focused Security Engineer role, you will have the exciting opportunity to manage multiple workstreams simultaneously. Your responsibilities will encompass supporting the secure development and deployment of Azure-based solutions, actively participating in security audits, and contributing to the continuous improvement of security measures within Clara Data Solutions. As a key player in our security strategy, you will play a pivotal role in fortifying our systems against potential threats, ensuring the resilience of our security infrastructure, and promoting a culture of security awareness throughout the organization.
What will you be doing?
Develop, document, and maintain Platform security processes and plans per KPMG’s trust and verify framework.
Support in the development/design and management of Product/Platform security processes and automated tooling that prevent security issues.
Support on threat modelling exercises for our products.
Perform security-focused code reviews.
Support penetration testing activities.
Prioritise and oversee vulnerability remediation.
Manage the implementation of logging and integration to the corporate SIEM for SOC monitoring.
Lead Clara’s response to incidents and risks raised by the SOC.
Champion and coach cloud security principles across our product engineering team.
Manage escalations of security related issue, risk or exceptions, including audit actions
Lead Clara’s relationships with central security teams (Security Architecture, Security Testing, Security Operations) and contribute to communities of practice.
What will you need to do it?
Excellent understanding of security controls within Azure environments
Previous experience developing cloud-native applications using infrastructure-as-code best practices.
Experienced in securing containerized applications (Docker and Kubernetes security)
Experienced in securing API's and Web Applications.
Experience in managing infrastructure as code (IaC) (ideally Terraform) and CI/CD pipelines.
Experience in Implementing automated compliance and security checks via Azure Policies or other tooling.
Confident in using Git based source control.
Comfortable with a modern languages (Java, Python, Go, JavaScript, etc.)
Up-to-date knowledge of common security weaknesses and associated mitigations within cloud environments.
Ability to pragmatically introduce security controls.
Strong communication skills and the ability to work with all stakeholders.
Autonomy and initiative in identifying and resolving problems across the business.
Skills we’d love to see/Amazing Extras:
Ideally, you will also hold the following certifications:
Azure Security Engineer Associate AZ-500
Cybersecurity Architect Expert SC-100
Security Operations Analyst Associate SC-200
Microsoft Identity and Access Administrator SC-300
CISSP
To discuss this or wider Audit roles with our recruitment team, all you need to do is apply, create a profile, upload your CV and begin to make your mark with KPMG.
Find out more:
Within Audit we have a range of divisions and specialisms. Click the links to find out more below:
Audit at KPMG: www.kpmgcareers.co.uk/experienced-professional/audit/
About our firm: www.kpmgcareers.co.uk/people-culture/about-our-firm/
KPMG Culture. Being Inclusive: www.kpmgcareers.co.uk/people-culture/being-inclusive/
KPMG Workability and Disability confidence: www.kpmgcareers.co.uk/experienced-professional/applying-to-kpmg/need-support-let-us-know/
For any additional support in applying, please click the links to find out more:
Applying to KPMG: www.kpmgcareers.co.uk/experienced-professional/applying-to-kpmg/
Tips for interview: www.kpmgcareers.co.uk/experienced-professional/applying-to-kpmg/application-advice/
KPMG values: www.kpmgcareers.co.uk/experienced-professional/applying-to-kpmg/our-values/
KPMG Competencies: www.kpmgcareers.co.uk/experienced-professional/applying-to-kpmg/kpmg-competencies/
KPMG Locations and FAQ: www.kpmgcareers.co.uk/faq/?category=Experienced+professionals
KPMG are proud to be an inclusive, equal opportunity employer and we seek to attract and retain the best people from the widest possible talent pool.
As a member of the Business Disability Forum we're committed to ensuring that all candidates are treated fairly throughout the Recruitment Process.
We pride ourselves on being a place where your individuality is valued; you can be yourself and still achieve your potential. We believe that your individuality helps us to deliver the best results to our clients. Diversity of background, diversity of experience, diversity of perspective - that's the KPMG difference.
