Senior Associate, Security Monitoring & Response - Remote

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today’s most important industries. Our growth is driven by delivering real results for our clients. It’s also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it’s no wonder we’re consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you’re as passionate about your future as we are, join our team.

KPMG is currently seeking a Senior Associate, Security Monitoring and Response to join our Digital Nexus Technology organization. This is a remote work opportunity.

Responsibilities:

• Monitor for threats and vulnerabilities through a combination of automated and manual processes and respond accordingly as a continuous feedback loop; incorporate learnings into additional preventive and detective controls; research and develop risk mitigating approaches and drive response and remediation
• Implement automation and orchestration to improve efficiency and effectiveness of security monitoring and response processes; document processes and procedures in the form of playbooks and reference guides; stay abreast of the latest information security controls, practices, techniques, and capabilities in the marketplace, as well as evolving threats
• Participate in internal skills development activities for information security personnel on the topic of security monitoring and incident response; provide mentoring to junior team members; produce operating metrics and key performance indicators; perform some or all phases of incident response life cycle including analysis, containment, eradication, remediation, recovery
• Manage, test and document incident response processes; work with Managed Security Services Provider (MSSP) services and maintain vendor relationships; support personnel investigations; control external threats, assessing risk to the firm's environment and support risk mitigation and response activities
• Integrate external threat intelligence sources related to zero-day attacks, exploit kits and malware into detection tools; conduct forensics such as host-based disk and memory, as well as network and analysis
• Examine security monitoring use cases and develop and tune supporting content for security tools such as dashboards, alerts, reports, rules including but not limited to the configuration; retain security information and event management (SIEM) platform and endpoint detection tools for security alerts; oversee data analysis in support of security event management processes including root cause analysis

Qualifications:

• Minimum three years of recent and relevant experience in security monitoring, security operations, and incident response activities; preferably within a professional services firm or similar environment; experience defining security monitoring rules, monitoring events, assessing risk, responding to incidents and providing security oversight related to the security features of IT tools supported by the IT operations teams; knowledge of incident response
• Bachelor's degree from an accredited college or university is preferred; CISSP certification is preferred
• Experience with IT process definition and/or improvement; ability to integrate security tools with IT infrastructure such as proxies, mail servers, Active Directory, workstations, and mobile devices; capability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors
• Good understanding of network and system intrusion, detection methods and mitigation techniques; experience with technologies such as Splunk, Next Generation Endpoint Protection Platforms (EPP); experience with security information and event management (SIEM), hacking tools techniques and procedures; experience with malware analysis or endpoint lateral movement detection methodologies or host forensic tools; knowledgeable of some of the following: network protocol analysis, public key infrastructure, SSL, Microsoft Windows and Active Directory, Linux
• Strong troubleshooting and organizational skills; capacity to work on multiple activities simultaneously; great hands-on network and systems administration skills with Linux and Windows including Active Directory competence; excellent verbal/written communication, problem solving, analytical and independent judgment skills to support an environment driven by customer service and teamwork; must be able to positively influence, mentor and be a credible source of knowledge to less experienced team members
• Possess scripting skills including Python, Shell/BASH and use of open-source Linux security tools; experience with a threat monitoring program and related operational activities; experience developing SIEM content/use cases with specific experience writing content rules
• Must have U.S. Citizenship

KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.

KPMG does not currently require partners or employees to be fully vaccinated or test negative for COVID-19 in order to go to KPMG offices, client sites or KPMG events, except when mandated by federal, state or local law.  In some circumstances, clients also may require proof of vaccination or testing (e.g., to go to the client site).       /