Job description
ITS Global (Information Technology Services Global) is one of four pillars within KPMG's Global Technology & Knowledge group. As such, ITS Global provides innovative components that KPMG's business functions and member firms use to deliver client-facing solutions. ITS Global also provides the information protection and technology infrastructure that secures KPMG's technology environment and connects its network of member firms. ITS Global works with the other GT&K pillars to provide KPMG technology solutions that leverage world-leading partnerships, disruptive digital capabilities and access to the firm's collective intelligence.

Role Summary
KPMG's MSS (Managed Security Services) helps defend KPMG and its clients from cyber-attacks, through timely detection, investigation and remediation of potential threats.
The role holder is responsible for the continuous investigation of correlated security event feeds and the appropriate escalation in case of an identified security incident. They are the primary contact for any suspected security incident and work together with the member firm local Computer Security Incident Response Team (CSIRT) and remediation team on resolving incidents and remediating threats to KPMG.

The MSS Senior Analyst also takes part in the creation and steady improvement (fine-tuning, whitelisting, etc.) of correlation rules, security policies, processes and procedures and other related documentation. In addition, they will support and help develop India base shift Analysts.

Working hours Monday to Friday with out of hours on call responsibilities

• Improve and challenge existing processes and procedures in a very agile global and fast moving information security environment.
• Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks in support of technologies managed by MSS
• Represent MSS in project work, sometimes acting as project lead
• Senior Analysts should have expert knowledge of:
o Cloud monitoring technologies particularly Microsoft
o EDR technologies, particularly Microsoft
o Information security policies and goals
o Log analysis and event traffic patterns
o DLP, encryption, firewall technology
o The current IT threat landscape and upcoming trends in security
• Responsible for incident response activities
• Work with Content Engineers in the development of suitable content logic and tuning of such content.
• Work with Threat Intelligence and Vulnerability Management to monitor for emerging threat patterns and vulnerabilities.
• Assists with recommendations and workarounds.
• Coordinates with other external stakeholders.
• Communicates with management on incident updates.
• Able to complete the incident lifecycle without higher level supervision.

Key Accountabilities
% of Time Accountability:
20 Act as Subject Matter Experts for analysis functions, providing support on more involved cases and guiding the activity of other analysts through collaboration
20 Investigate incidents using SIEM technology, packet captures, reports, data visualization, and pattern analysis.
15 Analyze, escalate, and assist in remediation of critical information security incidents.
15 Act as the lead coordinator for the MSS's response to individual cyber security incidents
10 Maintain documentation on residual risk, along with assignment of leadership owners and recommended steps for remediation
10 Identify and document containment and remediation efforts which successfully reduce risk
10 Responsible for taking action on alerts, events, and incidents escalated from the shift Analysts.

"Everyone a Leader" Competencies
Apply a strategic perspective : Uses diverse sets of inputs to develop a broad perspective on business and people issues
Build collaborative relationships : Connects with individuals, teams and organizations to build lasting, collaborative relationships that enable global, firm-wide growth
Foster innovation: Embraces a culture of innovation and experimentation to create value
Drive quality: Delivers high-quality products and exceptional service that provide value and exceed client expectations
Develop and motivate others: Engages teams, instills confidence, and coaches people to find meaning in their work and achieve exceptional results

Technical Skills & Qualifications
• CISSP, CISA, CISM Certifications or equivalent
• Advanced skills in analysis and response in a hybrid cloud/on premise environment
• Network infrastructure knowledge, advanced knowledge of TCP/IP and Internet protocols.
• Advanced understanding of information security, border protection, incident handling & response, forensics, endpoint protection & encryption
• Optional, earned one or more of the following certifications:
o GSEC (GIAC Security Essentials Certification)
o GISP (GIAC Information Security Professional)
o GMON (GIAC Continuous Monitoring Certification)
o GCIH (GIAC Certified Incident Handler)
o CCFP (Certified Cyber Forensics Professional)
o CCNP (Cisco Certified Network Professional)
o Security toolset certification (vendor provided training, i.e. Microsoft, etc.).

Description of level of Qualifications
• Bachelor's Degree in Computer Science, Computer Networking, or Computer Security or equivalent experience; Master's Degree preferred
• 5 plus years of security experience preferable and 5 plus years of IT experience preferable
• Strong understanding of computer science: algorithms, data structures, databases, operating systems, networks, and tool development
• Policy and Standard, Incident Management., Prioritization, Technologies, Security, Testing, Monitoring, IT Change, Infrastructure, Application

Experience & Knowledge
• Experience working in a Microsoft Cloud environment using Microsoft security tooling
• Experience with network forensics, packet and Netflow analysis, In-depth knowledge of infrastructure and operating systems.
• Advanced knowledge in; Firewalls, VPN, Intrusion detection and prevention systems, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, VoIP, DMZ.