Manager

Description

Job Title:
Manager, Cyber Threat Intelligence, Sec Monitor & Resp

Job Code:
7465

Subtitle:
CSIRT

Job Summary:
​IOC validation/sweeps/ investigations. Assistance in automating workflows (highly desirable). Producing Daily CISO CTI report. Tuning/ responding to alerts from CTI tools regarding topics such as (leaked credentials, brand abuse, deep dark web investigations, etc.)

Education:
Bachelor's Degree

Year of Experience:
5 - 8 years

Type of Experience:
​Strong background in tactical/ operational cyber threat intel with knowledge of incident response/ threat hunting. Demonstrated ability to automate tasks/ workflows is highly favorable. Knowledge of Microsoft KQL also highly desirable but other SIEM knowledge acceptable.

Principal Responsibilities:

​· One of the primary responsibilities are IOC sweeps/ blocks/ investigations of hits. Assist with automating this task. End goal is for IR to receive high fidelity true positive hits and for the person in this role to assess trends of IOC hits and feed intel to the threat hunt workstream to prioritize hunts on those threat actors. While working towards IOC sweep automation, escalates to hunters when hits determined to be true positive and remediation actions are required or if advanced analysis is required.

· Daily CISO report (CTI Input) – This report is sent out daily to our CISO and other Sr. Leadership/ workstreams regarding daily CTI news and its relevance to KPMG. The person in this role will be responsible for this daily.

· Assist U.S. CTI workstream SME with alerts/ investigations from CTI tools. Prefer experience with CTI tools such as ZeroFox (Brand abuse/ leaked credentials investigations), Flashpoint (Deep dark web investigations), Domain Tools (domain/ web investigations) and experience with a Threat Intelligence Platform (TIP) such as Threat Q.

· Assist with the assessment of Top 10 threat actors/ malware for the firm to prioritize on assessments/ hunts.

· Research and develop risk mitigating approaches and drive response and remediation

· Document processes and procedures in the form of playbooks and reference guides.

· Stay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace.

· Lead internal skills development activities for information security personnel on the topic of cyber threat intelligence, by providing mentoring and by conducting knowledge sharing sessions

· Provide input to business cases and presentations to senior IT leadership of proposed security products and studies. Produce operating metrics and key performance indicators.

· Knowledge of all phases of incident response life cycle: analysis, containment, eradication, remediation, recovery

· Evaluate external threat intelligence sources related to zero-day attacks, exploit kits and malware to determine organizational risk.

Qualifications:

​· Knowledge/ experience in automating tasks (creating logic apps, powershell/ python scripts to automate workflows/ tasks). This is highly desirable skillset.

· Experience in security monitoring, security operations, and incident response activities; preferably within a professional services firm or similar environment

·Strong knowledge of incident response and crisis management; Ability to identify both tactical and strategic solutions

· Knowledge/ background with snort rules (reading and/or writing them).

· Knowledge of Microsoft KQL (writing queries/ creating workbooks are highly desirable).

· Experience with IT process definition and / or improvement

· Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors

· Strong verbal/written communication, with ability to effectively interact with individuals at all levels of responsibility and authority. Must be able to prioritize, delegate to support an environment driven by customer service and teamwork. · Strong trouble-shooting and organizational skills and ability to work on multiple projects simultaneously. Ability to participate in resource planning processes based on defined organizational plans.

· Experience defining security monitoring rules, monitoring events, assessing risk, responding to incidents and providing security oversight related to the security features of IT tools supported by the IT operations teams

· Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors

· Strong verbal/written communication, with ability to effectively interact with individuals at all levels of responsibility and authority. Must be able to prioritize, delegate and foster the development of high-performance teams to lead/support an environment driven by customer service and team work. Strong trouble-shooting and organizational skills and ability to work on multiple projects simultaneously. Ability to participate in resource planning processes based on defined organizational plans.

 · Experience developing/ utilizing SIEM queries for investigating IOCs within the network.

· Experience conducting analysis based on Deep Dark Web intelligence.

Work Location:
null

Responsibilities

Job Title:
Manager, Cyber Threat Intelligence, Sec Monitor & Resp

Job Code:
7465

Subtitle:
CSIRT

Job Summary:
​IOC validation/sweeps/ investigations. Assistance in automating workflows (highly desirable). Producing Daily CISO CTI report. Tuning/ responding to alerts from CTI tools regarding topics such as (leaked credentials, brand abuse, deep dark web investigations, etc.)

Education:
Bachelor's Degree

Year of Experience:
5 - 8 years

Type of Experience:
​Strong background in tactical/ operational cyber threat intel with knowledge of incident response/ threat hunting. Demonstrated ability to automate tasks/ workflows is highly favorable. Knowledge of Microsoft KQL also highly desirable but other SIEM knowledge acceptable.

Principal Responsibilities:

​· One of the primary responsibilities are IOC sweeps/ blocks/ investigations of hits. Assist with automating this task. End goal is for IR to receive high fidelity true positive hits and for the person in this role to assess trends of IOC hits and feed intel to the threat hunt workstream to prioritize hunts on those threat actors. While working towards IOC sweep automation, escalates to hunters when hits determined to be true positive and remediation actions are required or if advanced analysis is required.

· Daily CISO report (CTI Input) – This report is sent out daily to our CISO and other Sr. Leadership/ workstreams regarding daily CTI news and its relevance to KPMG. The person in this role will be responsible for this daily.

· Assist U.S. CTI workstream SME with alerts/ investigations from CTI tools. Prefer experience with CTI tools such as ZeroFox (Brand abuse/ leaked credentials investigations), Flashpoint (Deep dark web investigations), Domain Tools (domain/ web investigations) and experience with a Threat Intelligence Platform (TIP) such as Threat Q.

· Assist with the assessment of Top 10 threat actors/ malware for the firm to prioritize on assessments/ hunts.

· Research and develop risk mitigating approaches and drive response and remediation

· Document processes and procedures in the form of playbooks and reference guides.

· Stay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace.

· Lead internal skills development activities for information security personnel on the topic of cyber threat intelligence, by providing mentoring and by conducting knowledge sharing sessions

· Provide input to business cases and presentations to senior IT leadership of proposed security products and studies. Produce operating metrics and key performance indicators.

· Knowledge of all phases of incident response life cycle: analysis, containment, eradication, remediation, recovery

· Evaluate external threat intelligence sources related to zero-day attacks, exploit kits and malware to determine organizational risk.

Qualifications:

​· Knowledge/ experience in automating tasks (creating logic apps, powershell/ python scripts to automate workflows/ tasks). This is highly desirable skillset.

· Experience in security monitoring, security operations, and incident response activities; preferably within a professional services firm or similar environment

·Strong knowledge of incident response and crisis management; Ability to identify both tactical and strategic solutions

· Knowledge/ background with snort rules (reading and/or writing them).

· Knowledge of Microsoft KQL (writing queries/ creating workbooks are highly desirable).

· Experience with IT process definition and / or improvement

· Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors

· Strong verbal/written communication, with ability to effectively interact with individuals at all levels of responsibility and authority. Must be able to prioritize, delegate to support an environment driven by customer service and teamwork. · Strong trouble-shooting and organizational skills and ability to work on multiple projects simultaneously. Ability to participate in resource planning processes based on defined organizational plans.

· Experience defining security monitoring rules, monitoring events, assessing risk, responding to incidents and providing security oversight related to the security features of IT tools supported by the IT operations teams

· Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors

· Strong verbal/written communication, with ability to effectively interact with individuals at all levels of responsibility and authority. Must be able to prioritize, delegate and foster the development of high-performance teams to lead/support an environment driven by customer service and team work. Strong trouble-shooting and organizational skills and ability to work on multiple projects simultaneously. Ability to participate in resource planning processes based on defined organizational plans.

 · Experience developing/ utilizing SIEM queries for investigating IOCs within the network.

· Experience conducting analysis based on Deep Dark Web intelligence.

Work Location:
null

---