Senior Specialist, Security Analyst (SOC)

Historically, the travel requirement for this position has ranged from 80-100%. The safety and well-being of our people continues to be the top priority, and our decisions around travel are informed by government COVID-19 response directives, recommendations from leading health authorities, and guidance from a number of infectious disease experts. For now, all KPMG business travel, international and domestic, is currently restricted to client-essential sales/delivery activity only. At some point in the future and with the safety of people as the critical factor, the travel requirement will likely increase, possibly to previous levels, but KPMG is committed to balancing client requirements with new delivery capabilities.

The KPMG Advisory practice is currently our fastest growing practice. We are seeing tremendous client demand, and looking forward we don't anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility and leading market tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Advisory.

KPMG is currently seeking a Senior Specialist to join our Managed Services practice.

Responsibilities:

• Validate IOCs and Investigate intrusion attempts and perform in-depth analysis and correlation of network traffic, host-based alerts and forensic images, as needed; Conduct in-depth investigations of events that are escalated by Level 1 Analysts
• Research additional internal and external data sources for additional enrichment of event information to determine when an event has reached the threshold of an incident and engage Incident Response Handler to declare an incident
• Create filters, data monitors, dashboards and reports within monitoring utilities
• Troubleshoot security monitoring devices
• Monitor Level 1 Analyst performance investigating incoming events using SOC-available tools and handle high and critical severity incidents as described in the operations playbook
• Ensure events populated in the SIEM portals are addressed in a timely manner using available reporting and metrics
• Drive and monitor shift-related metrics processes ensuring applicable reporting is gathered and disseminated per SOC requirements while coordinating with SIEM Engineers to improve event correlation, performance, tune events and alerts

Qualifications:

• Minimum five years of technical experience in Information Security, System Administration or Network Engineering with at least four years of experience in Information Security
• Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity or related field from an accredited college/university or an equivalent work experience; eighteen to twenty-four months of prior MDR/SOC/Incident response experience
• Experience scripting with PowerShell, bash/ksh/sh, Cisco IOS.sh, JunOS sh/csh, Perl, Tcl, Lua; two-four years’ experience with SIEM tools such as Azure Sentinel, Qradar, Splunk, Logrhythm and Solarwinds; Familiarity with common IDS/IPS and Firewalls (Snort, Cisco, Fortigate, Sourcefire)
• Two or more years' experience with Incident Response activities; Expert knowledge of security best practices and concepts; Desired certifications: Security+, C|EH, Network+, Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler or GIAC Reverse Engineering Malware
• Ability to work nights, weekends and/or holidays in the event of an incident response emergency
• Ability to travel as necessary
• Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future

KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.

At KPMG, any partner or employee must be fully vaccinated or test negative for COVID-19 in order to go to any KPMG office, client site or KPMG event. In some circumstances, individuals who are not fully vaccinated may also be required to have a reasonable accommodation to not be fully vaccinated for COVID-19.