Cyber Incident Response Manager
  • South Africa Johannesburg
  • KPMG South Africa
31.12.2023
Protect and Defend
Incident Response
Job Description

About the job

At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility and market leading tools, we make sure our people continue to grow both professionally and personally. Our Cyber Security practice is one of our fastest growing divisions. We are looking for a skilled Cyber Incident Response Manager to join our diverse & engaging practice. Are you our next manager?


Key Skills:

Experience in investigating cyber security incidents and carrying out the associated response measures.
Experience with industry-leading digital forensic analysis tools, via both graphical and command-line interfaces.
Proficiency in at least one of these areas: network security, traffic and log analysis; Linux, Mac or Unix operating system forensics; Linux/Unix disk forensics; memory forensics; static and dynamic malware analysis and reverse engineering; mobile device forensics.
Understanding of information security and IT methodologies, principles and standards such as the MITRE ATT&CK framework, ISO and NIST.
Understanding of cyber attack methods, kill chain models and TTPs.
Ability to collaborate, learn and work with cross-functional teams such as system administrators, data scientists, architects and cyber security engineers to customise breach-resilient solutions.


Role Responsibilities:

Act as a subject matter expert in the business for specific technology domains.
Engage in the planning, design, implementation, testing and operation of cyber breach resilience processes and systems on client networks.
Perform host, network and mobile device forensics, log analysis and malware triage as part of a cyber incident response team.
Perform proactive incident response services such as cyber incident response simulation exercises, threat hunting and compromise assessments.
Compile observations and document findings in the form of a report.
Analyse, workshop and present insights and recommendations, drawing on strategic thinking, technical knowledge and strong, clear communication skills.


Minimum requirements to apply for the role:

A minimum of 5 years of experience as part of an incident response team, either in a formal role or with evidence of your contribution to the team.
Bachelor's degree from an accredited college/university, or equivalent experience.
Experience with industry security and forensic tooling such as MDR, EDR and various SIEM solutions. Preferred but not mandatory: experience using digital forensic tools such as EnCase, FTK, Internet AXIOM and Cellebrite.


Required Knowledge
  • K0041   Knowledge of incident categories, incident responses, and timelines for responses.
  • K0042   Knowledge of incident response and handling methodologies.
  • K0046   Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
  • K0058   Knowledge of network traffic analysis methods.
  • K0062   Knowledge of packet-level analysis.
  • K0259   Knowledge of malware analysis concepts and methodologies.

Required Skills
  • S0003   Skill of identifying, capturing, containing, and reporting malware.
  • S0078   Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • S0079   Skill in protecting a network against malware (e.g., NIPS, anti-malware, restricting/preventing external devices, spam filters).
  • S0173   Skill in using security event correlation tools.

Required Abilities
  • A0128   Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.