EWT Security | Consultant - Threat Detection Analyst

Bengaluru, Karnataka, India

KPMG India

KPMG is a global network of professional firms providing Audit, Tax and Advisory services.


The Team/Role:

Working as part of the KPMG Security Operations Centre team within Information Security, you will play a key role in ensuring that the business IT systems are monitored for, and protected from, threats. You will participate in the active monitoring of applications, systems, and networks to detect issues and ensure that appropriate actions are taken as part of the Incident Response process.

Key Responsibilities

  • Proactively monitor the network security sensors, ensuring timely detection, investigation, and remediation of potential threats in line with the incident management lifecycle
  • Triage and manage security events in the SIEM platform as per Standard Operating Procedure and escalate to the L2 team as required
  • Accurately document work in the Incident case management system as per defined standards
  • Leverage multiple data sources to analyse detection alerts and staff-reported cyber-attacks to identify which events require response activities based on Standard Operating Procedures
  • Declare an incident and escalate it to the Incident Response team, ensuring findings have been accurately captured in the Incident case management system as per defined standards
  • Categorise cases accurately so that appropriate feedback is provided to the Detection and Response Engineering team and reporting is facilitated

The Person

  • Hands-on experience within a Security Operations Centre is preferred
  • Familiarity with AWS and Azure environment and security toolsets used in these environments
  • Proven ability with Security Incident and Event Management (SIEM) systems
  • Experience with Intrusion detection/prevention systems, including Microsoft Security tools 
  • Practical and current knowledge of the Cyber Security threats landscape
  • Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute)
  • Knowledge of computer networking concepts and protocols, and network security methodologies
  • Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
  • Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored)
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks)
  • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services


Soft skills and experience

  • Experience of working within a Security Operations environment
  • Proven customer service skills and experience
  • Ability to read and interpret data including security, system, application, and device specific logs
  • Excellent analytical skills and solutions-oriented approach
  • Ability to work in high-demand, busy environments
  • Ability to quickly learn new technologies and systems. A methodical approach with accuracy is essential
  • Ability to develop and maintain effective working relationships with members of the different KPMG teams in the UK and globally

Tags: AWS Azure DNS Incident response Intrusion detection Monitoring Network security SIEM TCP/IP Threat detection

Perks/benefits: Team events

Region: Asia/Pacific
Country: India