Senior Consultant - Technology & Cyber Risk

About the Team

KPMG’s Technology Risk & Cyber team is a nationally led, fast‑growing group helping clients tackle complex technology risks and cyber threats. The practice brings deep capabilities across cyber strategy, risk management, cloud security, incident response and resilience, working across industries to deliver innovative, trusted solutions. You’ll join a collaborative, future‑focused environment where your security and cyber defence skills make a real impact for Australian organisations.

We also partner closely with adjacent Technology Risk & Resilience specialists to strengthen governance, audit/assurance, and operational resilience programs (including cloud control frameworks and incident response planning).

About the Role

We’re hiring a Senior Consultant with strong hands‑on penetration testing and cyber defence expertise. You’ll plan and execute technical assessments (network, application, API, cloud), support red team exercises, and collaborate with client SOC/blue teams (purple teaming) to improve detection and response. You’ll translate complex issues into practical recommendations, guide junior consultants, and contribute to proposals and thought leadership. Importantly, you will continue to grow as a offensive security professional, working with your team and technical community to gain new skills, experience and certifications.

Position Objectives

• Reduce real‑world cyber risk for clients through high‑quality offensive testing and pragmatic remediation guidance.
• Enhance resilience by aligning technical controls and response playbooks with recognised standards and client obligations (e.g., ISO/NIST, ASD Essential Eight, APRA CPS 234; and for resilience, CPS 230 where applicable).
• Elevate trust with board‑ready reporting that connects technical findings to business objectives and regulatory expectations.

Key Responsibilities

• Plan and deliver penetration tests across web/mobile applications, internal/external networks, APIs and cloud platforms, applying both manual tradecraft and tooling; produce clear, actionable reports and retest remediation.
• Conduct red team exercises (scenario‑based adversary simulations) to assess end‑to‑end detection, response and resilience; coordinate purple‑team activities with client defenders to uplift SOC capabilities.
• Assess and harden controls against recognised frameworks and regulations (e.g., ISO/IEC 27001, NIST CSF, ASD Essential Eight, APRA CPS 234; and resilience alignment to CPS 230
• Support incident response readiness (table‑tops, playbooks, detection engineering) and contribute to compromise assessments where required.
• Coach junior team members; contribute to proposals, pricing and client presentations; help develop service accelerators and methodologies.

Skills & Experience

• Offensive security background with proven delivery of penetration testing and (ideally) red/purple‑team engagements across multiple environments.
• Developing consulting skills: a commitment to client service excellence, structured communication and the ability to brief senior stakeholders in plain language.
• Risk & resilience literacy: familiarity with ISO 27001/NIST CSF, ASD Essential Eight, APRA CPS 234 (information security) and CPS 230 (operational resilience) in Australian contexts.
• Security engineering know‑how across common attack paths (identity, email, endpoint, network, cloud), plus knowledge of modern SOC tooling and detection/response practices.
• Growth mindset: stays current on emerging threats (incl. AI‑enabled attacks) and defensive automation opportunities highlighted in KPMG’s latest cyber considerations, coupled with a commitment to gain new skills and certifications.

• Tertiary qualification in Information Security, Computer Science, Information Systems or related discipline (or equivalent experience).
• Industry offensive security credentials (examples): CREST ANZ / CREST certifications; OSCP (OffSec Certified Professional) or comparable. These are widely recognised in Australia for demonstrating hands‑on penetration testing capability.
• Other relevant certifications (e.g., CISSP, CISA, CRISC) are valued for broader risk and assurance work.

KPMG is a professional services firm with global outreach and deep sector experience. We work with clients across an array of industries to solve complex challenges, steer change and enable growth. 

Our people are what make KPMG the thriving workplace that it is and what sets us apart is that we know great minds think differently. Collaborate with a team of passionate, highly skilled professionals who’ve got your back. You’ll build relationships with unique and diverse colleagues who will provide you with the support you need to be your best and produce meaningful and impactful work in an inclusive, equitable culture.

At KPMG, you’ll take control over how you work. We’re embracing a new way of working in many ways, from offering flexible hours and locations to generous paid parental leave and career breaks. Our people enjoy a variety of exciting perks, including retail discounts, health and wellbeing initiatives, learning and growth opportunities, salary packaging options and more.

Diverse candidates have diverse needs. During your recruitment journey, information will be provided about adjustment requests. If you require additional support before submitting your application, please contact the Talent Attraction Support Team.

At KPMG every career is different, and we look forward to seeing how you grow with us.