ITS Global (Information Technology Services Global) is one of four pillars within KPMG’s Global Technology & Knowledge (GT&K) group. As such, ITS Global provides innovative components that KPMG’s business functions and member firms use to deliver client-facing solutions. ITS Global also provides the information protection and technology infrastructure that secures KPMG’s technology environment and connects its network of member firms. ITS Global works with the other GT&K pillars to provide KPMG technology solutions that leverage world-leading partnerships, disruptive digital capabilities and access to the firm’s collective intelligence.
KPMG’s IPG Managed Security Services (MSS) helps defend KPMG and its clients from cyber-attacks, through timely detection, investigation and remediation of potential threats.
The role holder is responsible for the continuous development of content management, correlation rules and reporting, providing technical insight into current and emerging threat activity based on threat-modelling tools and techniques.
• Subject Matter Expert for Cyber Security monitoring, managing the delivery of all content management for detecting threats aligned with the Mitre ATT&CK Framework and the Cyber Kill Chain, utilizing native Microsoft security monitoring solutions.
• Ensure continuous improvement, such as adding new types of detection logic, use cases, intelligence and data-enrichment feeds, and new log types.
• Attend and contribute to content meetings with the MSS operational team to review Security Incidents and collaborate on content tuning.
• Ensure all content rule changes are handled to the required MSS standards and KPIs.
• Improve and challenge existing processes and procedures in a very agile, global and fast-moving information security environment.
• Responsible for identifying & profiling current and emerging threats.
• Monitoring for emerging threat patterns and vulnerabilities.
• Communicates with management on the threat landscape.
• Able to own and adhere to the threat-modelling lifecycle.
% of Time / Accountability:
50%: Continuous development of content management, correlation rules and reporting.
20%: Responsible for identifying & profiling current and emerging threats.
20%: Monitoring for emerging threat patterns and vulnerabilities.
10%: Maintain documentation on residual risk, along with assignment of leadership owners and recommended steps for remediation.
“Everyone a Leader” Competencies
Apply a strategic perspective: Uses diverse sets of inputs to develop a broad perspective on business and people issues
Build collaborative relationships: Connects with individuals, teams and organizations to build lasting, collaborative relationships that enable global, firm-wide growth
Foster innovation: Embraces a culture of innovation and experimentation to create value
Drive quality: Delivers high-quality products and exceptional service that provide value and exceed client expectations
Develop and motivate others: Engages teams, instills confidence, and coaches people to find meaning in their work and achieve exceptional results
Technical Skills & Qualifications
Possesses experience with Microsoft Azure Security monitoring solutions, including, but not limited to, the configuration and management of:
Microsoft Azure Sentinel
Microsoft Defender Advanced Threat Protection (MDATP)
Microsoft Cloud App Security (MCAS)
Azure Security Centre (ASC)
Azure Advanced Threat Protection (AATP)
• Solid understanding of log management (format, storage, transport, etc.) and different types of log sources
• Experience with Azure and O365 management and security logging capabilities
• Experience with content management and writing detection logic on security event platforms
• Experience with query languages (e.g. KQL)
• Scripting or programming experience in Python/PowerShell
• In-depth knowledge of Linux OS and Windows OS
• Bachelor’s Degree in Computer Science, Computer Networking or Computer Security, or equivalent
• CISSP, CISA, CISM or equivalent certifications
• Experience of working in a high volume and result-oriented operational environment.
• Experience of working in high-performing teams and an understanding of the dynamics of teamwork in a SOC environment.
• Excellent written and oral communication skills. Experience working with vendors and various solution providers.
• Demonstrated ability to document processes and procedures.
To apply for this job please visit www.cybersecurityjobsite.com.