IT Security Analyst
KPMG's Global Security Operations Centre (GSOC) helps defend KPMG and its clients from cyber-attacks, through timely detection, investigation and remediation of potential threats.
The role holder is responsible for the continuous investigation of correlated security event feeds and the appropriate escalation in case of an identified security incident. They are the primary contact for any suspected security incident and work together with the member firm local Computer Security Incident Response Team (CSIRT) and remediation team on resolving incidents and remediating threats to KPMG.
The GSOC Senior Analyst also takes part in the creation and steady improvement (fine-tuning, whitelisting, etc.) of correlation rules, security policies, processes and procedures and other related documentation.
- Monitors alerting tools and also handles escalated incidents from Helpdesk, Desk Side Team (Desktop Support), Network Team and end users.
- Triages alerts as they come in and actions them appropriately.
- Responds to common alerts from multiple alerting sources in a consistent and repeatable manner, ensuring that context and intelligence are gathered.
- Acts as Subject Matter Expert for analysis functions, providing support on more involved cases and guiding the activity of other analysts through collaboration.
- Investigate incidents using SIEM technology, packet captures, reports, data visualization, and pattern analysis.
- Analyze, escalate, and assist in remediation of critical information security incidents.
- Improve and challenge existing processes and procedures in a very agile global and fast moving information security environment.
- Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks in support of technologies managed by the GSOC.
- Act as the lead coordinator for the GSOC's response to individual cyber security incidents.
- Identify and document containment and remediation efforts which successfully reduce risk.
- Maintain documentation on residual risk, along with assignment of leadership owners and recommended steps for remediation.
- In times when the Operations Manager or Lead Analysts are not present, act in a leadership role within the GSOC.
- Participate in project work, sometimes acting as project lead.
- Senior Analysts should have expert knowledge of:
  - Information security policies and goals
  - Log analysis and event traffic patterns
  - DLP, encryption, HIDS, NIDS, firewall technology
  - The current IT threat landscape and upcoming trends in security
- Responsible for taking action on alerts, events, and incidents escalated from the Analyst.
- Act as a lead for a shift.
- Triage malware incidents, their priority and the need for escalation.
- Monitoring for emerging threat patterns and vulnerabilities.
- Assists with recommendations and workarounds.
- Coordinates with other external stakeholders.
- Communicates with management on incident updates.
- Able to complete the incident lifecycle without higher level supervision.
1.2 Qualifications, experience and skills
- Bachelor's Degree in Computer Science, Computer Networking, or Computer Security or equivalent
- CISSP, CISA, CISM or equivalent certifications
1.2.2 Technical Skills
- Advanced understanding of information security, border protection, incident handling & response, forensics, endpoint protection & encryption
- Strong understanding of computer science: algorithms, data structures, databases, operating systems, networks, and tool development
- Able to evaluate current people, processes, technology, and business drivers to improve the GSOC.
- Network infrastructure knowledge, advanced knowledge of TCP/IP and Internet protocols.
- Experience with network forensics and packet and NetFlow analysis; in-depth knowledge of infrastructure and operating systems.
- Policy and Standards, Incident Management, Prioritization, Technologies, Security, Testing, Monitoring, IT Change, Infrastructure, Application.
- Understanding of, and experience using, various security-related exploits and tools.
- Strong ability to communicate: write clearly and speak authoritatively to different audiences
- Advanced knowledge of firewalls, VPNs, intrusion detection and prevention systems, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, VoIP, DMZ.
- Ability to troubleshoot common network devices, networks and vulnerabilities.
This job was originally posted at www.totaljobs.com/job/80920672