Senior Threat Hunting Lead
Posted 17 days ago
Job Description
Overview
At KPMG, you'll join a team of diverse and dedicated problem solvers, connected by a common cause: turning insight into opportunity for clients and communities around the world.
The Senior Threat Hunting Lead is a part of the Information Security Team , is primarily responsible for gathering specific threat intelligence, leading, responding, resolving security incidents, and performing threat hunts across all environments, including both on-premise and cloud (Azure, AWS, GCP) . The role will contribute to the Security Operations Team and their mandates.
The role requires an in-depth understanding of Threat Intelligence platforms, Threat Hunting methodologies and expertise in leveraging associated tools.
What you will do
The Senior Threat Hunting Lead will be responsible for security threat monitoring, security event triage, and incident response to hunt and assess, monitor, detect, respond and remediate advanced threats. The analyst will also perform investigation to identify root cause, potential gaps, exploitation, mitigate risks and other techniques utilized to bypass security controls
The Senior Threat Hunting Lead will be the key point of contact for security incidents, anomalies and investigations.
Responsibilities include but not limited to:
What you bring to the role
Providing you with the support you need to be at your best
Our Values, The KPMG Way
Integrity, we do what is right | Excellence, we never stop learning and improving | Courage, we think and act boldly | Together, we respect each other and draw strength from our differences | For Better, we do what matters
KPMG in Canada is a proud equal opportunities employer and we are committed to creating a respectful, inclusive and barrier-free workplace that allows all of our people to reach their full potential. A diverse workforce is key to our success and we believe in bringing your whole self to work. We welcome all qualified candidates to apply and hope you will choose KPMG in Canada as your employer of choice.
Adjustments and accommodations throughout the recruitment process
At KPMG, we are committed to fostering an inclusive recruitment process where all candidates can be themselves and excel. We aim to provide a positive experience and are prepared to offer adjustments or accommodations to help you perform at your best. Adjustments (informal requests), such as extra preparation time or the option for micro breaks during interviews, and accommodations (formal requests), such as accessible communication supports or technology aids, are tailored to individual needs and role requirements. You will have the opportunity to request an adjustment or accommodation at any point throughout the recruitment process. You will have an opportunity to request an adjustment or accommodation at any point throughout the recruitment process. If you require support, please contact KPMG's Employee Relations Service team by calling 1-888-466-4778.
At KPMG, you'll join a team of diverse and dedicated problem solvers, connected by a common cause: turning insight into opportunity for clients and communities around the world.
The Senior Threat Hunting Lead is a part of the Information Security Team , is primarily responsible for gathering specific threat intelligence, leading, responding, resolving security incidents, and performing threat hunts across all environments, including both on-premise and cloud (Azure, AWS, GCP) . The role will contribute to the Security Operations Team and their mandates.
The role requires an in-depth understanding of Threat Intelligence platforms, Threat Hunting methodologies and expertise in leveraging associated tools.
What you will do
The Senior Threat Hunting Lead will be responsible for security threat monitoring, security event triage, and incident response to hunt and assess, monitor, detect, respond and remediate advanced threats. The analyst will also perform investigation to identify root cause, potential gaps, exploitation, mitigate risks and other techniques utilized to bypass security controls
The Senior Threat Hunting Lead will be the key point of contact for security incidents, anomalies and investigations.
Responsibilities include but not limited to:
- Manage relationships with Threat Intel teams, Global and Regional Security Operations teams and Canadian Technology groups
- Manage, investigate and delegate incidents reported by the SOC, Threat Intel teams, end users and security monitoring tools
- Oversee and lead all reported incidents to completion, ensure incidents are appropriately remediated
- Create and present incident reports to both the Senior Manager and the CISO Office
- Train incident responders to perform threat hunts and improve the incident response process
- Perform threat hunting across all environments, including on-premise and cloud (Azure, AWS, etc.).
- Perform advance threat hunting queries to identify unknown threats and new Indicators of Compromise (IOC's).
- Propose, develop and implement new SIEM use cases based on threat intelligence and landscape
- Act as the Security Lead on projects to ensure security objectives are met and risks are mitigated
- Liase with threat intelligence teams and partners to obtain intel and guide threat hunting activities.
- Conduct host and network forensics analysis of systems to identify root cause, impact, and Indicators of Compromise (IOC's).
- Conduct all-source collection and research, analyze, evaluate, and integrate data from multiple cyber threat intelligent sources.
- Develop automation scripts/code to aid and introduce efficiencies in routine IR tasks.
- Perform real-time triaging on security alerts that are populated in a Security Information and Event Management (SIEM) system, Web filtering, ATP/MDE, Azure Security Center or Prisma Cloud.
- Monitor and analyze a variety of network, cloud, and host-based security appliance logs (Firewalls, IPS, NAC, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident.
- Independently follow procedures to contain, analyze, and eradicate malicious activity.
- Document all activities during an incident and provided leadership with status updates during the life cycle of the incident.
- Perform malware analysis to determine new IOC's and impact
- Forensic examination of assets to determine scope of incident and if/what data exfiltration occurred
- Ensure that the security posture of the enterprise cloud environment, delivered across multiple cloud platforms, meets, and exceeds agreed industry-recognized frameworks and standards.
- Assist with operational tickets, incident response, project activities and ad-hoc requests
- Interpret and summarize technical information for presentation to non-technical business contacts.
What you bring to the role
- Excellent verbal and written communication skills, must be able to write/present to senior leadership with impact.
- 3+ years in experience in Incident Response / Computer Forensics / Network Forensics / Threat Hunting and Threat Intel or related fields.
- 1-2 years scripting/programming experience preferred e.g. Python, PowerShell, SQL, KQL.
- Hands-on experience with at least 1 EDR solution such as Carbon Black or MDE.
- Strong technical experience in the implementation and maintenance of security processes, including threat event lifecycle management, Threat Hunting, and Threat Intelligence activities
- Technical proficiency with MITRE ATT&CK Framework and how it's used to assess, enhance, and test security monitoring, threat detection, and mitigation activities.
- Understanding of frameworks such as NIST, RMF, ISO etc.
- Experience with cyber threat actor attribution and their associated tactics, techniques, and procedures (TTPs).
- Experience with public Cloud platforms (AWS, Azure, GCP).
- Good understanding of SOC, Cloud operations, security, automation, and orchestration. Previous SOC experience is preferred.
- Understanding of possible attack activities such as network probing/scanning, DDOS, APT, malicious code activity, reverse engineering, malware analysis etc.
- Knowledge in security platforms such as Cisco, Palo Alto NGFW, Proofpoint, Qualys, SIEM, EDR, DLP, etc.
- Minimum of 2+ years of experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, network- and host- based firewalls, Threat Intelligence, Penetration Testing, etc.
- GCIH, GCFA, GCFE, GNFA along with CISSIP or other similar Security certifications is an asset
- Knowledge of current security trends, threats and mitigations.
- Proficiency in English at a business level is required
Providing you with the support you need to be at your best
Our Values, The KPMG Way
Integrity, we do what is right | Excellence, we never stop learning and improving | Courage, we think and act boldly | Together, we respect each other and draw strength from our differences | For Better, we do what matters
KPMG in Canada is a proud equal opportunities employer and we are committed to creating a respectful, inclusive and barrier-free workplace that allows all of our people to reach their full potential. A diverse workforce is key to our success and we believe in bringing your whole self to work. We welcome all qualified candidates to apply and hope you will choose KPMG in Canada as your employer of choice.
Adjustments and accommodations throughout the recruitment process
At KPMG, we are committed to fostering an inclusive recruitment process where all candidates can be themselves and excel. We aim to provide a positive experience and are prepared to offer adjustments or accommodations to help you perform at your best. Adjustments (informal requests), such as extra preparation time or the option for micro breaks during interviews, and accommodations (formal requests), such as accessible communication supports or technology aids, are tailored to individual needs and role requirements. You will have the opportunity to request an adjustment or accommodation at any point throughout the recruitment process. You will have an opportunity to request an adjustment or accommodation at any point throughout the recruitment process. If you require support, please contact KPMG's Employee Relations Service team by calling 1-888-466-4778.
About KPMG
Industry
Banking & FinanceCompany Size
5001-10,000 employees
Application closing date is 2025-02-07
Current Openings
-
Full Time
-
Full Time
-
Full Time
-
Full Time
-
Full Time
-
Full Time
-
Full Time
-
Data Scientist
BCLC
Full Time
-
Full Time
-
Full Time