Cyber MS MDR - Assistant Manager

Bangalore, Karnataka, India

KPMG India


Manage Detection & Response: Assistant Manager

Job Overview:

  • You will be working as a consultant in KPMG’s expanding Security Operations practice.
  • As a Security Operations consultant, you will help our clients solve some of the key challenges faced by security operations leaders.
  • The work involves advising our clients on Security Operations strategy, design, maturity assessment, and optimisation.
  • You will get the chance to learn new skills, earn certifications, and work with some of our key alliance partners, including some of the largest security vendors in the industry.
  • You will be working in a dynamic environment and engaging with leading companies around the world.

Responsibilities: 

You will be working as a Lead in KPMG’s expanding Security Operations consulting practice, managing and contributing your subject-matter expertise to challenging, complex client engagements to ensure delivery, quality, and value by:

  • Candidates must be willing to work from the office only (Bangalore location) and to do 24x7 rotational shifts (mandatory requirement for this role)
  • Understanding our clients’ business challenges and the threats they face
  • Helping solve some of the key challenges faced by security operations leaders
  • Advising our clients on Security Operations Centre (SOC) transformation, sourcing, MSSP evaluation, strategy, design, assessments, and optimisation
  • Contributing to the development and evolution of KPMG’s strategic capabilities that underpin the integrated solutions we provide to our clients
  • Working in a dynamic environment and engaging with leading companies around the world, helping them optimise their approach to digital and technical cyber security controls and risk management
  • Developing constructive client relationships, both inside and outside of KPMG
  • Coaching and developing team members through sharing of experience and knowledge, as well as managing the performance and development of other team members
  • Upholding KPMG’s values by acting with integrity
  • Helping grow the SOC function by way of technical security-focused configuration, advice, monitoring, presentation, and documentation
  • Assisting with the installation, deployment, configuration, and development of SOC toolsets
  • Monitoring and analysing Intrusion Detection Systems (IDS), Anomaly Detection Systems (ADS), firewall event logs, the Security Information and Event Management (SIEM) toolset, and other event logs to identify security attacks and threats for remediation/suppression
  • Helping maintain operational security standards, processes, and procedures
  • Maintaining awareness of the global security landscape and threats, operational security threats, and security industry best practice
  • Working closely with and assisting the Information Security function to maintain operational compliance
  • Helping develop and maintain technical security service descriptions and datasheets
  • Responding in a timely manner to security threats or incidents within customer solutions with remediation and mitigation advice and strategy
  • Ad hoc and other duties commensurate with Security Operations Centre (SOC) functions
  • Being vigilant for possible fraudulent activity and, if necessary, raising a security incident report using the template accessible via the corporate Intranet
  • Periodically reviewing Daisy Security Policies (centrally hosted on the Intranet) to ensure full compliance with current legal, regulatory, and company requirements
  • Complying with company health and safety policy and legislation

Key Technical requirements:

  • Hands-on experience in a Security Operations Centre or, alternatively, consulting or advisory experience in Security Operations
  • Hands-on experience of delivering security in cloud service provider environments and with the associated tooling: Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform, Area1, email gateways, Splunk, Microsoft Defender, CrowdStrike, EDR, and XDR
  • In-depth knowledge of at least one threat detection (SIEM) platform (MS-Sentinel, Splunk) and hands-on experience with the Microsoft Security product suite
  • Operational-level experience in some of these domains: security engineering, alert triage, rule writing, incident response, DFIR, threat intelligence and management, vulnerability management, and security control testing
  • Formulating and defining the strategic direction of the offering as a managed service
  • Performing investigation and orchestration for complex/high-severity security alerts, threats, or incidents
  • Serving as the lead point of contact facilitating incident response orchestration with the client
  • Leading research, analysis, and correlation efforts across a variety of all-source data sets/collectors, log collectors, and threat feeds to inform and guide the strategic direction of the offering
  • As a leader of a team, ensuring that the right things are being worked on at the right time, and ensuring quality throughout
  • Working with the value architect to create pricing for opportunities
  • Creating and developing SOC processes and procedures, and leading strategy development, methodology, and execution of the Use Case Catalog, working with Level 1, Level 2, and Level 3 Analysts

Required Technical skills:
At least 8 years of experience leading enterprise Security Operations Centers, Managed Detection and Response analyst teams, or incident response teams, covering any of the following: lead security operations center analyst (L3), threat hunting, penetration testing, digital forensics, incident response, recognising and categorising organisational vulnerabilities and attacks, on-prem, hybrid, and cloud security concepts and protocols, providing customer technical readiness, delivery support services, on-premise and remote technical support, solution development, technical requirements gathering, thought leadership, broad evangelism through events (presentation skills), or related.
Good to have:

  • At least one of the following certifications: CEH, CISSP, CCSP, CISM, GCIH, or CHFI
  • Product certifications (MS-Sentinel, Splunk) and hands-on experience with any three Microsoft Security products
  • Any SecOps-related certifications, including security vendor certifications
  • Experience with one or more of the following: cyber security solutions, Security Operations Center, threat intelligence management, vulnerability research, digital forensics, incident response, endpoint management, network security
  • Product management experience with Software as a Service (SaaS) or Infrastructure as a Service (IaaS) offerings for enterprises
  • Experience in the enterprise software market and with services/product companies
  • Demonstrated understanding of the techniques and methods of modern product discovery and product delivery
  • Knowledge of the operational aspects of global, 24/7, high-availability, and high-trust managed services
  • Familiarity with the engineering work of a security operations center
  • Previous experience in cyber project management
  • Participation in a large transformation and implementation project

Qualifications: 

  • Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field, or equivalent work experience
  • Experience developing and analysing reports generated by SIEM tools
  • Advanced understanding of operating systems, applications, networks, and related exploitation techniques
  • Malware reverse engineering and analysis
  • Incident response and handling methodologies, procedures, and execution
  • Background performing packet-level analysis
  • Experience with tools such as Nslookup, Kali Linux, Traceroute, Nmap, Nikto, NetStumbler, Metasploit, Wireshark, Aircrack Intruder, etc.
  • Experience with network-based User and Entity Behavior Analytics

Specifically, Security Analysts (L2) will:

  1. Rapidly identify, categorise, prioritise, and investigate events as the initial cyber event detection group for the enterprise, using all available security logs and intelligence sources, including but not limited to:
    1. Firewalls
    2. Systems and network devices
    3. Web proxies
    4. Intrusion Detection/Prevention Systems
    5. Data Loss Prevention
    6. EDR / antivirus systems
    7. Knowledgebase framework (Confluence)
  2. Continuously monitor SIEM and logging environments for security events and alerts to threats, intrusions, and/or compromises, including:
    • SIEM alert queue
    • Security email inbox
    • Intel feeds via email and other sources (e.g. NH-ISAC)
    • Incident ticketing queue (IT Security group)
  3. Validate alerts as they come in to eliminate false positives, and use other internal and external data sources to enrich alerts with additional context
  4. Perform triage of service requests from customers and internal teams
  5. Use playbook procedures to carry out standard plays for routine event types and escalate alerts to Level 2 Analysts for further triage and remediation
  6. Assist with containment of threats and remediation of the environment during or after an incident
  7. Act as a participant during threat hunting activities at the direction of one or more Incident Response Handlers
  8. Document event analysis and write comprehensive reports of incident investigations
  9. Proactively improve security-related operational processes and procedures
  10. Use available security tools for historical analysis purposes as necessary for detected events; for example, historical searches using SIEM tools
  11. Maintain operational shift logs with relevant activity from the Analyst’s shift, and document investigation results, ensuring relevant details are passed to Level 2 or MDR Analysts for final event analysis
  12. Update/reference the knowledgebase tool (e.g. Confluence) as necessary for changes to processes and procedures, and ingest daily intelligence reports and previous shift logs
  13. Conduct research and document events of interest within the scope of IT Security

Note: Candidates must be willing to work from the office only (Bangalore location) and to do 24x7 rotational shifts (mandatory requirement for this role).
