Jobs at KPMG – Senior Threat Hunting Analyst

Job Description:

The Senior Threat Hunting Analyst will be responsible for security monitoring, security event triage, and incident response: hunting for, assessing, monitoring, detecting, responding to, and remediating advanced threats. The analyst will also perform investigations to identify root cause, potential gaps, exploitation, and other techniques used to bypass security controls, and will work to mitigate the associated risks.
The Senior Threat Hunting Analyst will be the first point of contact for security incidents and anomalies.

Job Responsibilities:

  • Independently follow procedures to contain, analyze, and eradicate malicious activity.
  • Document all activities during an incident and provide leadership with status updates throughout the life cycle of the incident.
  • Ensure that the security posture of the enterprise cloud environment, delivered across multiple cloud platforms, meets and exceeds agreed industry-recognized frameworks and standards.
  • Assist with operational tickets, incident response, project activities, and ad-hoc requests.
  • Interpret and summarize technical information for presentation to non-technical business contacts.
  • Conduct all-source collection and research; analyze, evaluate, and integrate data from multiple cyber threat intelligence sources.
  • Develop automation scripts/code to aid and introduce efficiencies in routine IR tasks.
  • Liaise with threat intelligence teams and partners to obtain intel and guide threat hunting activities.
  • Conduct host and network forensic analysis of systems to identify root cause, impact, and Indicators of Compromise (IOCs).
  • Perform threat hunting across all environments, including on-premise and cloud (Azure, AWS, etc.).
  • Perform advanced threat hunting queries to identify unknown threats and new Indicators of Compromise (IOCs).
  • Perform real-time triaging on security alerts that are populated in a Security Information and Event Management (SIEM) system, Web filtering, ATP, Azure Security Center or Prisma Cloud.
  • Monitor and analyze a variety of network, cloud, and host-based security appliance logs (Firewalls, IPS, NAC, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident.

Job Requirements:

  • Technical proficiency with MITRE ATT&CK Framework and how it’s used to assess, enhance, and test security monitoring, threat detection, and mitigation activities.
  • Understanding of frameworks such as NIST, RMF, ISO etc.
  • Good understanding of SOC, Cloud operations, security, automation, and orchestration. Previous SOC experience is preferred.
  • Understanding of possible attack activities such as network probing/scanning, DDoS, APT, malicious code activity, reverse engineering, malware analysis, etc.
  • Direct hands-on experience with at least 1 EDR solution such as Carbon Black and MDE.
  • Strong technical experience in the implementation and maintenance of security processes, including threat event lifecycle management, threat hunting, and threat intelligence activities.
  • Previous experience of working with law enforcement is a plus.
  • 3+ years of experience in Incident Response / Computer Forensics / Network Forensics / Threat Hunting and Threat Intel or related fields.
  • 1-2 years of scripting/programming experience preferred, e.g. Python, PowerShell, SQL, Java.
  • Knowledge of security platforms such as Cisco, Palo Alto NGFW, Proofpoint, Qualys, SIEM, EDR, DLP, etc.
  • Minimum of 2+ years of experience in security technologies such as Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, Penetration Testing, etc.
  • Experience with cyber threat actor attribution and their associated tactics, techniques, and procedures (TTPs).
  • Experience with public Cloud platforms (AWS, Azure).
  • Understanding of basic networking protocols such as TCP/IP, DNS, FTP, SSH, HTTP/S.
  • Previous exposure to / hands-on experience with Prisma Cloud CSPM or CWPP for incident response related activities is preferred.

Job Details:

Company: KPMG

Vacancy Type: Full Time

Job Location: Moncton, NB, CA

Application Deadline: N/A
