Cyber Operations, Cyber Threat Analyst
KPMG
Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Seramount, Fair360 and others. If you're as passionate about your future as we are, join our team.
KPMG is currently seeking a Cyber Operations, Cyber Threat Analyst to join our Enterprise Security Services organization. This is a remote work opportunity.
Responsibilities:
- Take responsibility for the daily creation and distribution of CTI report reports which includes daily CTI news and its relevance to KPMG, to senior leadership and various workstreams; handle alert and conduct investigations using CTI tools; perform comprehensive analysis of both successful and unsuccessful intrusions by targeted threat actors; construct detailed descriptions of campaigns, actors, and organizations
- Seek out, collect, and properly exploit intelligence from various sources; generate intelligence from internal data sources and share it accordingly to further the organization's objectives; produce operating metrics and key performance indicators
- Assist with IOC sweeps/blocks/investigations of hits and automating this task; help with the assessment of the top threat actors/malware for the firm to prioritize assessments/hunts
- Research and develop risk mitigating approaches and drive response and remediation; document processes and procedures in the form of playbooks and reference guides
- Lead internal skills development activities for information security personnel on the topic of cyber threat intelligence by providing mentoring and conducting knowledge sharing sessions
- Provide input to business cases and presentations to senior IT leadership of proposed security products and studies
Qualifications:
- Minimum five years of recent experience in cyber threat intelligence and/or cyber threat hunting; experience in security monitoring, security operations, and incident response activities, preferably within a professional services firm or a similar environment
- Bachelor's degree from an accredited college/university preferred; relevant certifications (not required but desirable): GCTI, GCIH, GCFE, GCFA, ATT&CK CTI Cert
- Knowledge and experience in automating tasks, such as creating logic apps and scripting in PowerShell/Python to automate workflows/tasks; knowledge or background in snort rules (either reading and/or writing them); understanding of Microsoft KQL, particularly in writing queries and creating workbooks
- Experience in defining security monitoring rules, monitoring events, assessing risk, responding to incidents, and providing security oversight related to the security features of IT tools supported by the IT operations teams; experience in developing/utilizing SIEM queries for investigating IOCs within the network and in conducting analysis based on Deep Dark Web intelligence
- Strong knowledge of incident response and crisis management with the ability to identify both tactical and strategic solutions; experience with IT process definition and/or improvement; able to coordinate, work with, and gain the trust of business stakeholders, technical resources, and third-party vendors; excellent verbal/written communication skills with the ability to effectively interact with individuals at all levels of responsibility and authority; outstanding collaboration, analytical, and presentation skills
- Experience in leading meetings and operating effectively in a matrixed environment; must be able to prioritize, delegate, and support an environment driven by customer service and teamwork; robust troubleshooting and organizational skills, with the capability to work on multiple projects simultaneously; must be able to participate in resource planning processes based on defined organizational plans; capable of participating in the development of resource plans and project estimation
- US Citizenship is required
https://kpmg.com/us/en/how-we-work/pay-transparency.html/?id=4847_9_24
KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.
KPMG recruits on a rolling basis. Candidates are considered as they apply, until the opportunity is filled. Candidates are encouraged to apply expeditiously to any role(s) for which they are qualified that is also of interest to them.
KPMG does not currently require partners or employees to be fully vaccinated or test negative for COVID-19 in order to go to KPMG offices, client sites or KPMG events, except when mandated by federal, state or local law. In some circumstances, clients also may require proof of vaccination or testing (e.g., to go to the client site).