Analyst - Cyber Defense

About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.

KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

• Monthly VAPT planning, scan scheduling, scanning and reporting. 
• Review of VAPT report and provided necessary comments 
• Conduct vulnerability Compliance check/Revalidation 
• Track vulnerabilities in all technologies on a continuous basis in view of the Cyber Security Advisories. 
• VA reporting, remediation support, tracking and dashboard reporting. 
• Monitoring the progress of scanning and troubleshooting the failed scans in coordination with PIM/ server admin/app admin teams. 
• Coordination with application and infra teams to provide continuous inputs. 8. Timely communicate to hardware and software teams the MIS reporting of vulnerabilities along with recommendation
• False positive review and exception management. 
• Adhoc request handling, management and Vulnerability Management reporting. 
• Availability of resources, as per the VA and patching schedule, for off office hours as well as weekends as per program requirement. 
• Periodical review and updation of details of servers/devices
• Maintain an up-to date plan for deploying and managing patch management
•  Implement patches as per approved deployment strategy
•  Regularly patch the infrastructure and software in order to be complaint to the Client’s policy and guidelines, and advisories from regulatory, information security and statutory authorities
• Notify sufficiently in advance about patching (including emergency patching) and seek approval from the Client, such that there is no disruption in services to the Client and its customers
•  The vulnerabilities reported/ identified during the project/ application go-live to be remediated as per the Information Security policy of the Client
•  Carry out patch governance, ongoing deployment tracking and compliance thereof
•  Carry out VAPT remediation including configuration and hardening level changes, security updates and patching
•  Conduct continuous review and collection of patches released and vulnerabilities identified including zero day vulnerabilities, and its applicability with respect to the Asset Inventory
•  Review existing patch management process and provide recommendations
•  Prepare Patch plan for OS/DB Server/End points, its execution and reporting, attend to hotfix
•  Identification of Top 10 critical & high patches for OS and application software 11
•  Plan, prioritize (on the basis of criticality of application, tier rating etc )schedule and carryout continuous patching/ support for Windows, Linux and AIX platform, Database, Middleware and all other various software components and Development tools where vulnerabilities are reported during VAPT scanning in close co-ordination and follow-up with respective Application, Infra, Network and Security teams
•  Help in implementing workaround provided by respective OEM for the reported vulnerability
•  Coordination for downtime to complete the schedule patching
•  Take necessary approval from Client for shutdown, if required, for patch or update implementation
•  Schedule shutdown of production system and inform respective application users
•  Implement patches as per approved deployment strategy
•  Testing of patches before rollout and provide observations
•  Rollback efforts in case of issues
•  A practical and up-to date roll back plan has to be adopted in case of failures
•  Follow up and co-ordinate with OEM/3rd party support vendors for patch deployment
•  Coordination with OEM/ Vendor in case of any dependency
•  Coordination and patching of app related vulnerabilities with App Support
•  The technical resources should be competent to Handle/ Integrate/Implement/Test patches within Client’s stipulated time 22
•  Catalogue updation for different flavors of operating systems like Windows/RHEL/AIX/SOLARIS and all other supporting software’s
•  Assist, Develop, Manage and Monitor suitable Policies, Procedures and deployment strategy for Patch Management
•  Raise Change Management for deployment of patches or updates
•  Capability to identify the devices where patches are applied but not yet activated (pending restart) And carrying out other related activities
•  Prepare and maintain Standard Operating Procedure (SOP) document pertaining to the remidiation services