Cyber Incident Response Analyst
  • South Africa Johannesburg
  • KPMG South Africa
31.12.2023
Protect and Defend
Cyber Defense Analysis
Job Description

About the job
Job title/position: Analyst – Cyber Incident Response

Function and Business Unit: Technology Assurance - Cyber

Description Of The Role And Purpose Of The Job

KPMG is currently seeking two (2) Cyber Incident Response Consultants to join our Cyber Security practice. Cyber Security is part of a wider Technology Assurance practice.

The KPMG Cyber Security practice is one of our fastest growing practices. We are seeing tremendous client demand and looking forward we don't anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and able to thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility and leading market tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be yourself, make an impact, advance your skills, deepen your experiences, and have the flexibility to constantly find new areas of inspiration and expand your capabilities, you will be a good fit for our Cyber Security practice.

You will be exposed to a range of exciting projects across industry sectors and service lines in the following areas (the focus being cyber incident response and investigations):

Working with KPMG you will consult on client projects, translating business and customer needs into innovative business and technology solutions. You will identify changes and recommend solutions that will typically involve a combination of cyber incident response and security excellence outcomes.

Digital forensic, cyber incident response and investigations.
Cyber defence and security assessments.
Cyber security strategy and governance.
Cyber transformation.

Key Responsibilities

Acting as a subject matter expert in the business for specific technology domains.
Engage in planning, design, implementation, testing, and operation of cyber breach resilience processes and systems on client networks.
Perform host, network, and mobile device forensics; log analysis; malware triage as part of a cyber incident response team.
Perform proactive incident response services such as cyber incident response simulation exercises, threat hunting, and compromise assessments.
Analyse and provide findings on large complex data sets.
Provide on-site assistance to clients as needed for incident response services.
Develop next generation cyber resilience solutions that help minimise impact, decrease likelihood, and increase adaptability to cyber threats.
Deploy and utilise endpoint detection and response (EDR) solutions in response to cyber incidents.
Analyse, workshop and present insights and recommendations enabled by strategic thinking, technical knowledge and strong and clear communication skills.
Deliver high quality deliverables and outcomes for our clients.
Ability to identify potential business development / sales opportunities.
Report writing.

Skills

Skills and attributes required for the role:

Experience in investigating cyber security incidents and dealing with associated response measures.
Advanced experience with industry leading digital forensic analysis tools via graphical and command line interface and with at least one scripting/programming language (Python preferred), and/or extensive experience with data manipulation using tools of your choice.
Technical proficiency in at least one of these areas: network security/traffic/log analysis; Linux and/or Mac/Unix operating system forensics; Linux/Unix disk forensics (ext2/3/4, HFS+, and/or APFS file systems), advanced memory forensics, static and dynamic malware analysis / reverse engineering, advanced mobile device forensics.
Understanding of a wide range of information security and IT methodologies, principles, technologies and techniques.
Ability to collaborate, learn and work with cross functional teams like system administrators, data scientists, architects, and cyber security engineers to customise breach resilient solutions.

Personal Attributes

Good communication and interpersonal skills.
Team player.
Ability to adapt, multi-task and work on multiple engagements simultaneously.
Ability to work under pressure while still delivering high quality work.

Minimum requirements to apply for the role (including qualifications and experience):

A minimum of 3 - 5 years of experience being part of an incident response team, either holding a formal role, or being able to evidence your contribution to the team.
Bachelor's degree from an accredited college/university or equivalent experience.
Experienced in industry computer forensic tools such as X-Ways, EnCase, FTK, Internet Evidence Finder (IEF) / AXIOM, TZWORKS and/or Cellebrite.
Experience in preservation of digital evidence (including experience in preserving cloud data and handling encryption such as BitLocker, FileVault, and/or LUKS).

The Following Are Desirable

EnCase Certified Examiner (EnCE).
Security related certifications such as CISSP, CISA or CISM.
Incident management certifications such as: CREST Certified Incident Manager (CCIM), GIAC Certified Incident Handler (GCIH).
Digital forensics certifications such as: CREST Registered Intrusion Analyst (CRIA), CREST Certified Network Intrusion Analyst (CCNIA), CREST Certified Host Intrusion Analyst (CCHIA), CREST Certified Malware Reverse Engineer (CCMRE), GIAC Certified (Network) Forensic Analyst (GCFA, GNFA).


Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0013   Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
  • K0040   Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
  • K0042   Knowledge of incident response and handling methodologies.
  • K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0049   Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • K0058   Knowledge of network traffic analysis methods.
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0177   Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0301   Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
  • K0339   Knowledge of how to use network analysis tools to identify vulnerabilities.
  • K0342   Knowledge of penetration testing principles, tools, and techniques.

Required Skills
  • S0025   Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0054   Skill in using incident handling methodologies.
  • S0078   Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • S0167   Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).

Required Abilities
  • A0015  Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • A0128  Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.