Information Security Analyst - Threat Hunter
Brickred | 2023-12-12
Roles and Responsibilities:
The primary role of a Threat Hunter is to perform analysis, monitoring, and reporting using SIEM tools and Threat Intelligence platforms. The Threat Hunter's objective is to provide KPMG with relevant threat information to protect KPMG and its customers' businesses. The Threat Hunter will gather threat information from multiple locations, including deep and dark web sources, and report any threat information they find that is relevant to clients' businesses.
This specific position on the team will focus on collecting and analyzing threat information related to KPMG's Managed Detection and Response service. Specifically, the Threat Hunter will:
Conduct real-time monitoring of attack surfaces and deep and dark web forums to gather threat information relevant to clients.
Perform threat hunting using various toolsets, based on the intelligence gathered.
Develop attack detection and response playbooks, and define counter-measures and strategies to mitigate emerging threats.
Utilize Threat Intelligence and Threat Models to create threat hypotheses.
Plan and scope threat hunting exercises to verify threat hypotheses.
Conduct threat modeling exercises to improve threat detection and mitigation abilities.
Proactively and iteratively search through systems and networks to detect advanced threats.
Analyze host, network, and application logs in addition to malware and code.
Prepare and report risk analysis and threat findings to appropriate stakeholders.
Create, recommend, and assist with development of new security content resulting from hunt missions, including signatures, alerts, workflows, and automation.
Assist with containment of threats and remediation of the environment during or after an incident.
Provide situational awareness and understanding of threats related to KPMG or its customers to enhance the decision-making process at the organization level.
The ideal candidate will:
Have at least 60 months of MDR/SOC/Incident response experience in a large IT environment focused on information security.
Act as a workstream participant to support tier-1, tier-2, or tier-3 SOC environments.
Respond to requests for information from clients or customers.
Be a quick learner and adaptable to changing environments.
Deliver timely and high-quality work diligently.
Have strong analytical skills.
Build strong professional working relationships with client personnel.
Have knowledge of implementing or integrating threat intelligence platforms with an MDR/SOC.
Identify issues and opportunities for improvement, and communicate them to an appropriate senior member.
Have experience in Azure Sentinel.
Have experience in Threat Hunting.
Have a minimum of 5 years of experience in IT Security activities.
Have a minimum of 3 years of operating experience in industry-leading User and Entity Behavior Analytics (UEBA), Security Orchestration, Automation and Response (SOAR), and threat intelligence platforms and tools.
Be familiar with the incident response process and activities.
Have solid scripting skills (Perl, Python, or Shell).
Have a solid understanding of information security domains and information technology.
Must have C|EH or Threat Intelligence related certifications.
Hold one or more technical certifications: Security+, C|EH, Network+, Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler, or GIAC Reverse Engineering Malware.
Be familiar with a ticketing tool / ITSM tool.
Required Technical skills:
Experience with SIEM tools (QRadar, Splunk, LogRhythm, Solarwinds, etc.), Azure Sentinel