Manager, Cyber Defence

KPMG

$110K — $160K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Undergraduate degree in Computer Science, Information Technology, or related field
  • At least one cybersecurity certification such as GCIH, GCFE, or EnCE
  • 5+ years of incident response experience, preferably in consulting
  • 5+ years of experience in forensic data collection from networks and cloud platforms
  • Experience in consulting environments, including post-incident reviews
  • Hands-on experience with forensic software and EDR tools
  • Strong knowledge of attack vectors and digital forensics techniques

Responsibilities

  • Engage clients on incident response tasks from security to digital forensics
  • Perform urgent incident response and organize efforts effectively
  • Use forensic tools for evidence collection and analysis
  • Conduct extensive log and metadata analysis during security incidents
  • Analyze results to identify indicators of compromise and threats
  • Advise on mitigation strategies and remediation steps
  • Create detailed reports for diverse stakeholders

Benefits

  • Professional development opportunities in a transformational field
  • Engagement with cutting-edge cyber investigation technologies
  • Collaborative team environment emphasizing diverse problem-solving
  • Access to KPMG’s Cyber/Forensics lab for practice development
  • Supportive workplace culture with emphasis on integrity and excellence
Full Job Description
What you will do

As a Manager you'll work as part of a team of problem solvers with extensive consulting and industry experience, supporting our technical engagement team and leveraging your expertise on Incident Response projects and tasks. Specific responsibilities include but are not limited to:
  • Engage with a variety of clients on incident response engagements ranging and tasks from operating system security, cloud and network security, cryptography, software security, malware analysis, digital forensics for incident response activities, security operations, and emergent security intelligence;
  • Perform incident response and cyber investigations. These engagements will require urgent organization, configuring needed toolsets, and communication with the client;
  • Leverage forensic tools to on incident response collect, process and analyze computer based evidence (host and network based). Use end-point detection and response (EDR) tools to investigate, monitor and triage potentially compromised end-points;
  • Perform digital forensic evidence collection throughout the incident response phases, extensive log analysis and meta-data analysis;
  • Perform operating system and hard drive digital forensic evidence analysis;
  • Analyze results from tools and determine: indicators of compromise (IOCs), root cause of compromise, possible attack vectors, potential threat actors and the overall risk/threat the client is facing;
  • Provide recommendations and advise on steps to mitigate the current attack, present risks and remediate the potentially vulnerable environment and remove the ability of ongoing/future attacks;
  • Analyze results of assessment and create technical accurate and articulate reports in a business professional language, to be shared with technical stakeholder, executive stakeholders and potentially third parties;
  • Leverage out-of-the-box thinking to tackle and overcome complex client challenges;
  • Remain current on the threat landscape, including common and recent threats. Keep your team and clients informed on relevant threat and attack vectors on an on-going basis;
  • Contribute to the KPMG Incident Response team's practice development by actively supporting a Cyber/Forensics lab, writing whitepapers, conducting and sharing research, actively assisting with business development opportunities.

What you bring to the role

  • Undergraduate degree in Computer Science, Information Technology, or related field;
  • Completion of at least one relevant certification such as GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Examiner (GCFE), EnCase Certified Examiner (EnCE), CCFP ISC(2) or similar;
  • 5+ years of experience with incident response, preferably in a consulting environment. Internal CSIRT experience will also be considered;
  • 5+ years of experience with forensic data collection with technical network, hard drive, and operating systems. Candidates should also have experience with collecting data from cloud platforms for investigations that involve SaaS and PaaS;
  • Experience working on consulting incident response engagements with clients, including post-incident reviews;
  • Cyber investigation and threat hunting experience;
  • Ability to identify and create IOCs (Indicators of Compromise) from performing forensic analysis activities, articulate IOC in technical formats, and present them to stakeholders;
  • Hands-on experience and working knowledge of at least one common industry leading or open-source forensic software application (e.g. EnCase, FTK, Autopsy, Magnet Axiom, Cellebrite, Magnet IEF/Axiom) and techniques to capture and process electronic data from computers, virtual machines, external media, networks and mobile data devices;
  • Hands on experience with the installation and configuration of End-Point Detection and Response tools, such as Carbon Black, Sentinel One, CrowdStrike Falcon or Elastic Stack;
  • Strong knowledge of common attack vectors, initial compromise, lateral movement, privilege escalation and data exfiltration techniques;
  • Knowledge of operating systems, networking, web protocol, and cloud architecture;
  • Ability to perform log, host and network-based traffic monitoring and analysis, across varying devices, platforms and formats;
  • Ability to perform hard drive digital forensics within the incident response phases, across various file and device formats, including Windows and Linux operating systems and mobile device.
  • Ability to fulfill regular on-call responsibilities, as part of a team, for urgent incident response activities.
  • Master's Degree within a specialization in Cyber Security, Digital Forensics or a related field is advantageous;
  • Completion of any additional Cyber Security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or similar would be advantageous.;
  • Hands-on experience incident response and log analytics tools, such as Elastic, Log Stash and Kibana, Sumo Logic, Splunk, etc. Familiarity with multiple open-source tools for data and log analysis;
  • Reverse engineering experience on various types of malware, including ransomware, malicious droppers, trojans, customized and obfuscated malicious scripts and other types of malicious files will be advantageous;
  • Experience with forensic evidence handling and chain-of-custody procedures and knowledge of potential litigation requirements;
  • Experience with programming languages (C, C#) and scripting languages (e.g. Python and Go) and familiar with Bash and PowerShell;
  • Experience in other technical Cyber Security domains, such as Penetration Testing, Red Teaming, Security Operation Centre (SOC) or Blue Teaming;
  • Able to create solutions and modify your tools, plugins and scripts appropriately to problem at hand;
  • Knowledge of common threat actor TTPs (tools, techniques and procedures and how they relate to the stages of the MITRE ATT&CK® Framework.

KPMG Ontario Region Pay Range Information

The expected base salary range for this position is $110,000 to $160,000 and may be eligible for bonus awards. The determination of an applicant's base salary within this range is based on the individual's location, skills & competencies, and unique qualifications. In addition, KPMG offers a comprehensive and competitive Total Rewards program.

Providing you with the support you need to be at your best

Our Values, The KPMG Way

Integrity, we do what is right | Excellence, we never stop learning and improving | Courage, we think and act boldly | Together, we respect each other and draw strength from our differences | For Better, we do what matters

We believe technology should empower human judgment, not replace it. It's one of the many ways we're delivering on our vision of being a technology-first, people-driven firm.

Similar Jobs

More Jobs at KPMG

More Information Technology Jobs

Find similar Manager, Cyber Defence jobs: