Posted By

Shubham

Executive at KPMG Global Services

Last Login: 08 November 2021

266

JOB VIEWS

26

APPLICATIONS

10

RECRUITER ACTIONS

Posted in

IT & Systems

Job Code

823374

KPMG - Manager - Cyber Incident Response

10 - 13 Years, Bangalore
Women candidates preferred
Posted 3 years ago

Cyber Incident Response Manager

Role :

- The Cyber Analyst Senior Associate role is responsible for cyber security monitoring and managing the cyber security incident response lifecycle. The primary objectives are monitoring for cyber threats; responding to, analyzing and triaging alerts; conducting root cause analysis; and minimizing the impact of the threat.

- The analyst is responsible for the day-to-day management of cyber security incidents and, through detailed analysis, interviews and threat research, must be able to discern a legitimate threat from a false positive event.

- The management of cyber security incidents includes the creation of an incident in a ticketing system, ownership and assignment of tasks, tracking, facilitation of meetings and analysis sessions, collection of data, note taking, communication, reporting, and management of documentation in the form of incident reports and procedure updates (IR playbooks and procedures).

Mandatory Skills :

- Splunk Enterprise Security (SPL, advanced queries, reporting)

- Develop advanced queries, reports and correlations in response to security incidents to validate the activity, trace adversary action and determine true root cause.

Technical acumen (working knowledge of) :

- Network communications

- Windows internals (subsystem, authentication process: Kerberos)

- Unix

- Intrusion Detection Devices (IDS), firewalls, load balancers, proxies, DLP

- Email, including mail routing, email header analysis

- Cloud computing concepts

- PowerShell

- Experience conducting cyber incident response activities such as host triage, malware analysis, system analysis, user interviews and remediation efforts.

Understanding of the threat landscape and common attack vectors :

- Web based attacks (OWASP Top 10)

- Malware

- Phishing techniques

- Network based attacks

- Vulnerability exploits

- Account takeover

- Reconnaissance

- Ability to compile detailed cyber investigation and analysis reports for internal SOC consumption and delivery to management

- Strong analytical, research and problem solving skills

- Experience working with cross functional teams, operations, and projects preferably within a professional services firm or similar environment

- Excellent verbal, written and interpersonal communication skills

- Experience threat hunting for Tactics, Techniques and Procedures (TTPs)

- Experience working in a large scale, complex environment

- Experience writing security documentation in the form of incident response procedures or playbooks

- Knowledge of incident and service management and tools for reporting and trending, such as ServiceNow, Archer SecOps

Educational Criteria :

- BTech / BE / MCA

- With 10 to 13 years of relevant experience
