You're using an older version of Internet Explorer that is no longer supported. Please update your browser.
KPMG

Senior Threat Hunting Lead

Posted 15 days ago

Job Details

Location

Canada

Job Description

Overview
At KPMG, you'll join a team of diverse and dedicated problem solvers, connected by a common cause: turning insight into opportunity for clients and communities around the world.

The Senior Threat Hunting Lead is a part of the Information Security Team , is primarily responsible for gathering specific threat intelligence, leading, responding, resolving security incidents, and performing threat hunts across all environments, including both on-premise and cloud (Azure, AWS, GCP) . The role will contribute to the Security Operations Team and their mandates.

The role requires an in-depth understanding of Threat Intelligence platforms, Threat Hunting methodologies and expertise in leveraging associated tools.

What you will do
The Senior Threat Hunting Lead will be responsible for security threat monitoring, security event triage, and incident response to hunt and assess, monitor, detect, respond and remediate advanced threats. The analyst will also perform investigation to identify root cause, potential gaps, exploitation, mitigate risks and other techniques utilized to bypass security controls

The Senior Threat Hunting Lead will be the key point of contact for security incidents, anomalies and investigations.

Responsibilities include but not limited to:
  • Manage relationships with Threat Intel teams, Global and Regional Security Operations teams and Canadian Technology groups
  • Manage, investigate and delegate incidents reported by the SOC, Threat Intel teams, end users and security monitoring tools
  • Oversee and lead all reported incidents to completion, ensure incidents are appropriately remediated
  • Create and present incident reports to both the Senior Manager and the CISO Office
  • Train incident responders to perform threat hunts and improve the incident response process
  • Perform threat hunting across all environments, including on-premise and cloud (Azure, AWS, etc.).
  • Perform advance threat hunting queries to identify unknown threats and new Indicators of Compromise (IOC's).
  • Propose, develop and implement new SIEM use cases based on threat intelligence and landscape
  • Act as the Security Lead on projects to ensure security objectives are met and risks are mitigated
  • Liase with threat intelligence teams and partners to obtain intel and guide threat hunting activities.
  • Conduct host and network forensics analysis of systems to identify root cause, impact, and Indicators of Compromise (IOC's).
  • Conduct all-source collection and research, analyze, evaluate, and integrate data from multiple cyber threat intelligent sources.
  • Develop automation scripts/code to aid and introduce efficiencies in routine IR tasks.
  • Perform real-time triaging on security alerts that are populated in a Security Information and Event Management (SIEM) system, Web filtering, ATP/MDE, Azure Security Center or Prisma Cloud.
  • Monitor and analyze a variety of network, cloud, and host-based security appliance logs (Firewalls, IPS, NAC, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident.
  • Independently follow procedures to contain, analyze, and eradicate malicious activity.
  • Document all activities during an incident and provided leadership with status updates during the life cycle of the incident.
  • Perform malware analysis to determine new IOC's and impact
  • Forensic examination of assets to determine scope of incident and if/what data exfiltration occurred
  • Ensure that the security posture of the enterprise cloud environment, delivered across multiple cloud platforms, meets, and exceeds agreed industry-recognized frameworks and standards.
  • Assist with operational tickets, incident response, project activities and ad-hoc requests
  • Interpret and summarize technical information for presentation to non-technical business contacts.
Position may require on-call and after-hours work, as needed to support KPMG business needs
What you bring to the role
  • Excellent verbal and written communication skills, must be able to write/present to senior leadership with impact.
  • 3+ years in experience in Incident Response / Computer Forensics / Network Forensics / Threat Hunting and Threat Intel or related fields.
  • 1-2 years scripting/programming experience preferred e.g. Python, PowerShell, SQL, KQL.
  • Hands-on experience with at least 1 EDR solution such as Carbon Black or MDE.
  • Strong technical experience in the implementation and maintenance of security processes, including threat event lifecycle management, Threat Hunting, and Threat Intelligence activities
  • Technical proficiency with MITRE ATT&CK Framework and how it's used to assess, enhance, and test security monitoring, threat detection, and mitigation activities.
  • Understanding of frameworks such as NIST, RMF, ISO etc.
  • Experience with cyber threat actor attribution and their associated tactics, techniques, and procedures (TTPs).
  • Experience with public Cloud platforms (AWS, Azure, GCP).
  • Good understanding of SOC, Cloud operations, security, automation, and orchestration. Previous SOC experience is preferred.
  • Understanding of possible attack activities such as network probing/scanning, DDOS, APT, malicious code activity, reverse engineering, malware analysis etc.
  • Knowledge in security platforms such as Cisco, Palo Alto NGFW, Proofpoint, Qualys, SIEM, EDR, DLP, etc.
  • Minimum of 2+ years of experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, network- and host- based firewalls, Threat Intelligence, Penetration Testing, etc.
  • GCIH, GCFA, GCFE, GNFA along with CISSIP or other similar Security certifications is an asset
  • Knowledge of current security trends, threats and mitigations.
  • Proficiency in English at a business level is required
This position requires written and oral fluency in English. The successful candidate will be required to support or collaborate with English-speaking colleagues or stakeholders nationally in our English speaking provinces while at KPMG .

Providing you with the support you need to be at your best
Our Values, The KPMG Way
Integrity, we do what is right | Excellence, we never stop learning and improving | Courage, we think and act boldly | Together, we respect each other and draw strength from our differences | For Better, we do what matters

KPMG in Canada is a proud equal opportunities employer and we are committed to creating a respectful, inclusive and barrier-free workplace that allows all of our people to reach their full potential. A diverse workforce is key to our success and we believe in bringing your whole self to work. We welcome all qualified candidates to apply and hope you will choose KPMG in Canada as your employer of choice.

Adjustments and accommodations throughout the recruitment process
At KPMG, we are committed to fostering an inclusive recruitment process where all candidates can be themselves and excel. We aim to provide a positive experience and are prepared to offer adjustments or accommodations to help you perform at your best. Adjustments (informal requests), such as extra preparation time or the option for micro breaks during interviews, and accommodations (formal requests), such as accessible communication supports or technology aids, are tailored to individual needs and role requirements. You will have the opportunity to request an adjustment or accommodation at any point throughout the recruitment process. You will have an opportunity to request an adjustment or accommodation at any point throughout the recruitment process. If you require support, please contact KPMG's Employee Relations Service team by calling 1-888-466-4778.

About KPMG

KPMG LLP is the Canadian member firm of KPMG International. We provide Audit, Tax, and Advisory services to many of the public and private business, not-for profit, and public sector organizations in Canada. Nationally, there are 40 offices and over 700 partners and 7,000 employees working together to help Canadian businesses achieve their goals. Leveraging the skills, knowledge and passion of our firm and our people allows us to serve our clients with uncompromising professionalism, cutting through complexity to provide valuable insight—in Canada and around the world. KPMG s.r.l./S.E.N.C.R.L. est le cabinet canadien membre de KPMG International Cooperative (« KPMG International »). Nous offrons des services professionnels en audit et en fiscalité ainsi que des services-conseils à une vaste clientèle composée notamment de sociétés ouvertes et fermées, d’organismes sans but lucratif et d’organisations du secteur public au Canada. KPMG compte 40 bureaux à l’échelle nationale, au sein desquels collaborent plus de 700 associés et 7 000 employés pour aider les sociétés canadiennes à atteindre leurs objectifs. Nous misons sur les compétences et le savoir-faire de notre équipe pour servir nos clients − au Canada et ailleurs dans le monde − avec rigueur et professionnalisme. Notre mission première : simplifier la complexité en proposant des perspectives éclairantes.

Industry

Banking & Finance

Company Size

5001-10,000 employees

Application closing date is 2025-02-07

Interested in jobs like this?

Sign up for email alerts
Get job alerts

Work with our Featured Employers

M space man icon M
Watch now
H O T Marketing. Tips. Sauce.
Marketing On Mars Podcast Full episodes twice per month
Job successfully reported

Thank you for helping us identify suspicious behaviour.