Advisory - Consulting, Cyber Response | Mid-Year Internship 2026 (May 2026 - Jul 2026)

Overview

At KPMG, your long-term future is as important to us as it is to you. We aim to provide experiences that stay with you for a lifetime—from great training and development to mobility opportunities and corporate responsibility volunteering. We pride ourselves on a culture that recognises hard work, encourages new ways of thinking, and embraces diversity and inclusion. We have an innovative spirit that inspires what we do and how we do it, with a focus on striving to be better.

Technology underpins many of the world’s most influential organisations and presents opportunities to seek new markets and invest in transformational change. The rapid emergence of technology, greater connectivity, and a 24/7 global commerce environment can leave organisations behind the curve or exposed to risk. By turning traditional thinking on its head and adopting a positive approach to managing risk, organisations can achieve their business aspirations.

About the Role

KPMG Cybersecurity professionals address concerns around confidentiality, integrity, availability, and privacy of technology, business systems, and information assets. Using a holistic view of how technology and business integrate, the Cyber team conducts technology-risk focused assessments, technology compliance reviews, IT/operational process reviews, and designs information risk and cyber security solutions.

We are looking for candidates to join a growing team to assist clients in the following area:

Role: Cyber Response

KPMG Cyber Response professionals work at the forefront of major cyber-attacks, supporting clients as the “First Responders” to cyber security incidents and major cyber emergencies. They assist clients who have experienced a cyber security incident or are suspected of an ongoing cyber-attack (e.g., ransomware, business email compromise, data breach, security incidents in cloud, unauthorised access to IT resources, or other network intrusions).

Responsibilities include investigating the root cause and the extent of the breach (data exfiltration, compromised accounts, impacted hosts and servers, active threats, malicious files), aiding containment and remediation for timely recovery, and expelling intruders from the network. They provide practical recommendations to prevent further incidents.

KPMG Cyber Response also supports non-emergency engagements such as Compromise Assessment (CA) and Threat Hunting (TH). These engagements help detect threats or potential compromise in early stages of a cyber-attack before disruption to business operations. To support clients in enhancing IR capabilities and security posture, KPMG also assists with engagements like Table-Top Exercises (TTX), IR training, playbook development, and Incident Response (IR) plan reviews.

Responsibilities

• Design, implement, test, and support security solutions for KPMG’s clients in collaboration with cyber security subject matter experts.
• Work with engagement managers on log analysis, review of endpoint data to identify anomalies, indicators of compromise (IOCs), malicious files, and threat actors to determine root cause and incident impact.
• Support containment and eradication efforts.
• Document findings and contribute to IR update calls.
• Collaborate with other cyber teams to deliver end-to-end incident response and recovery, including support for Cyber OT/IoT security services such as risk assessments, VAPT, OT cybersecurity audits, and cybersecurity maturity assessments.
• Assist senior team members with the preparation of playbooks, TTX materials, and business proposals.

Ideal Candidate / Qualifications

• Degree in Cybersecurity / Information Security; or a degree in Engineering with relevant skills/experience/aptitude for cybersecurity; or a degree in Computer Science / IT with relevant skills/experience/aptitude for cybersecurity.
• Understanding of core cybersecurity principles, including threat vectors, vulnerabilities, and basic defence mechanisms.
• Awareness of standards and frameworks such as NIST, ISO 27001, and the SANS PICERL model.
• Familiarity with Windows artifacts and endpoint logs; familiarity with network device logs and experience in forensic triage is preferred but not mandatory.
• Familiarity with the incident response lifecycle and ability to support containment and recovery efforts.
• Ability to contribute to incident reports, playbooks, and TTX reports.
• Programming skills are preferred.
• Strong understanding of operating systems (Windows, Linux, macOS) and cloud environments (Azure, AWS, Google) is preferred.
• Entry-level certifications such as CompTIA Security+, CHFI, or CEH, or mid-level GIAC certifications are desirable but not mandatory.

Soft Skills

• Strong problem-solving skills with the ability to break down complex issues into smaller components.
• Ability to work as part of a larger team and independently.
• Clear verbal and written communication skills, especially when documenting findings or engaging with clients and team members.
• Demonstrates integrity, accountability, and a client-focused mindset.
• Eager to learn and grow in the cybersecurity domain through continuous learning and research, with a willingness to share knowledge with the team.