Lead Data & AI Platforms Security Engineer

Job description

The KPMG Audit Technology team is dedicated to building cutting-edge solutions in close collaboration with the Audit function. We blend audit expertise with the latest technology, enabling us to understand the challenges our customers face daily and develop indispensable products that simplify their lives while promoting Audit Quality.

The KPMG Clara engineering team is dedicated to building cutting-edge Analytics and AI products for our Audit business. We blend audit expertise with the latest cloud technologies to build and run products that simplify the lives of our audit colleagues while promoting Audit Quality.

As a crucial member of the team, you will collaborate with a talented mix of Product Owners/Managers, Solution, Cloud and Enterprise Architects, Experience Designers, Business Analysts, and Testing specialists to build, deliver, and manage a portfolio of truly exciting products.

In recent years, our products' size and scale have rapidly expanded, leading to significant growth in our technology capability. There's never been a better time to join us.

With our ambitious growth plans, your future here is something to get excited about. As a valued team member, you'll be expected to stay current with the tech field and the latest trends in Audit delivery.

Why Join KPMG’s Audit Technology Team

As a subject matter expert on secure application development within the CI/CD pipeline utilising Azure technologies, this role is to manage the day-to-day operation of the Platform technical security controls and processes within the Audit Data Solutions team.  The role will have a dotted line into the Security Architecture & Advisory team to ensure the implementation of security processes aligns KPMG’s security frameworks, policies, standards, whilst collaborating with other security teams in areas such as vulnerability management, and incident management.

In this delivery-focused Security Engineer role, you will have the exciting opportunity to manage multiple workstreams simultaneously. Your responsibilities will encompass supporting the secure development and deployment of Azure-based solutions, actively participating in security audits, and contributing to the continuous improvement of security measures within Clara Data Solutions. As a key player in our security strategy, you will play a pivotal role in fortifying our systems against potential threats, ensuring the resilience of our security infrastructure, and promoting a culture of security awareness throughout the organization.

What will you be doing?

• Develop, document, and maintain Platform security processes and plans per KPMG’s trust and verify framework.
• Support in the development/design and management of Product/Platform security processes and automated tooling that prevent security issues.
• Lead on threat modelling exercises for our products.  
• Perform security-focused code reviews.
• Support penetration testing activities.
• Prioritise and oversee vulnerability remediation.
• Manage the implementation of logging and integration to the corporate SIEM for SOC monitoring.
• Lead Clara’s response to incidents and risks raised by the SOC.
• Champion and coach cloud security principles across our product engineering team.
• Manage escalations of security related issue, risk or exceptions, including audit actions
• Lead Clara’s relationships with central security teams (Security Architecture, Security Testing, Security Operations) and contribute to communities of practice.

What will you need to do it?

• Excellent understanding of security controls within Azure environments
• Previous experience developing cloud-native applications using infrastructure-as-code best practices.
• Experienced in assessing and securing containerized applications (Docker and Kubernetes security)
• Experienced in conducting security assessment of cloud-based environments, API's and Web Applications.
• Experience in managing infrastructure as code (IaC) (ideally Terraform) and CI/CD pipelines.
• Experience in Implementing automated compliance and security checks via Azure Policies or other tooling.
• Confident in using Git based source control.
• Comfortable with a modern languages (Java, Python, Go, JavaScript, etc.)
• Up-to-date knowledge of common security weaknesses and associated mitigations within cloud environments.
• Ability to pragmatically introduce security controls.
• Strong communication skills and the ability to work with all stakeholders.
• Autonomy and initiative in identifying and resolving problems across the business.

Skills we’d love to see/Amazing Extras:

Ideally, you will also hold the following certifications:

• CISSP
• Azure Security Engineer Associate AZ-500
• Cybersecurity Architect Expert SC-100
• Security Operations Analyst Associate SC-200
• Microsoft Identity and Access Administrator SC-300

To discuss this or wider roles with our recruitment team, all you need to do is apply, create a profile, upload your CV and begin to make your mark with KPMG.

Our Locations:

This role will be based in London