Senior Threat Hunting Lead

KPMG
Canada, Canada
Full-time

Overview

At KPMG, you'll join a team of diverse and dedicated problem solvers, connected by a common cause : turning insight into opportunity for clients and communities around the world.

The Senior Threat Hunting Lead is a part of the Information Security Team , is primarily responsible for gathering specific threat intelligence, leading, responding, resolving security incidents, and performing threat hunts across all environments, including both on-premise and cloud (Azure, AWS, GCP) .

The role will contribute to the Security Operations Team and their mandates.

The role requires an in-depth understanding of Threat Intelligence platforms, Threat Hunting methodologies and expertise in leveraging associated tools.

What you will do

The Senior Threat Hunting Lead will be responsible for security threat monitoring, security event triage, and incident response to hunt and assess, monitor, detect, respond and remediate advanced threats.

The analyst will also perform investigation to identify root cause, potential gaps, exploitation, mitigate risks and other techniques utilized to bypass security controls

The Senior Threat Hunting Analyst will be the key point of contact for security incidents, anomalies and investigations.

Responsibilities include but not limited to :

  • Manage relationships with Threat Intel teams, Global and Regional Security Operations teams and Canadian Technology groups
  • Manage, investigate and delegate incidents reported by the SOC, Threat Intel teams, end users and security monitoring tools
  • Oversee and lead all reported incidents to completion, ensure incidents are appropriately remediated
  • Create and present incident reports to both the Senior Manager and the CISO Office
  • Train incident responders to perform threat hunts and improve the incident response process
  • Perform threat hunting across all environments, including on-premise and cloud (Azure, AWS, etc.).
  • Perform advance threat hunting queries to identify unknown threats and new Indicators of Compromise (IOC's).
  • Propose, develop and implement new SIEM use cases based on threat intelligence and landscape
  • Act as the Security Lead on projects to ensure security objectives are met and risks are mitigated
  • Liase with threat intelligence teams and partners to obtain intel and guide threat hunting activities.
  • Conduct host and network forensics analysis of systems to identify root cause, impact, and Indicators of Compromise (IOC's).
  • Conduct all-source collection and research, analyze, evaluate, and integrate data from multiple cyber threat intelligent sources.
  • Develop automation scripts / code to aid and introduce efficiencies in routine IR tasks.
  • Perform real-time triaging on security alerts that are populated in a Security Information and Event Management (SIEM) system, Web filtering, ATP / MDE, Azure Security Center or Prisma Cloud.
  • Monitor and analyze a variety of network, cloud, and host-based security appliance logs (Firewalls, IPS, NAC, Sys Logs, etc.

to determine the correct remediation actions and escalation paths for each incident.

  • Independently follow procedures to contain, analyze, and eradicate malicious activity.
  • Document all activities during an incident and provided leadership with status updates during the life cycle of the incident.
  • Perform malware analysis to determine new IOC's and impact
  • Forensic examination of assets to determine scope of incident and if / what data exfiltration occurred
  • Ensure that the security posture of the enterprise cloud environment, delivered across multiple cloud platforms, meets, and exceeds agreed industry-recognized frameworks and standards.
  • Assist with operational tickets, incident response, project activities and ad-hoc requests
  • Interpret and summarize technical information for presentation to non-technical business contacts.

Position may require on-call and after-hours work, as needed to support KPMG business needs

What you bring to the role

  • Excellent verbal and written communication skills, must be able to write / present to senior leadership with impact.
  • 3+ years in experience in Incident Response / Computer Forensics / Network Forensics / Threat Hunting and Threat Intel or related fields.
  • 1-2 years scripting / programming experience preferred e.g. Python, PowerShell, SQL, KQL.
  • Hands-on experience with at least 1 EDR solution such as Carbon Black or MDE.
  • Strong technical experience in the implementation and maintenance of security processes, including threat event lifecycle management, Threat Hunting, and Threat Intelligence activities
  • Technical proficiency with MITRE ATT&CK Framework and how it's used to assess, enhance, and test security monitoring, threat detection, and mitigation activities.
  • Understanding of frameworks such as NIST, RMF, ISO etc.
  • Experience with cyber threat actor attribution and their associated tactics, techniques, and procedures (TTPs).
  • Experience with public Cloud platforms (AWS, Azure, GCP).
  • Good understanding of SOC, Cloud operations, security, automation, and orchestration. Previous SOC experience is preferred.
  • Understanding of possible attack activities such as network probing / scanning, DDOS, APT, malicious code activity, reverse engineering, malware analysis etc.
  • Knowledge in security platforms such as Cisco, Palo Alto NGFW, Proofpoint, Qualys, SIEM, EDR, DLP, etc.
  • Minimum of 2+ years of experience in security technologies such as : Security information and event management (SIEM), IDS / IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, network- and host- based firewalls, Threat Intelligence, Penetration Testing, etc.
  • GCIH, GCFA, GCFE, GNFA along with CISSIP or other similar Security certifications is an asset
  • Knowledge of current security trends, threats and mitigations.

Providing you with the support you need to be at your best

Our Values, The KPMG Way

Integrity , we do what is right Excellence , we never stop learning and improving Courage , we think and act boldly Together , we respect each other and draw strength from our differences For Better , we do what matters

KPMG in Canada is a proud equal opportunities employer and we are committed to creating a respectful, inclusive and barrier-free workplace that allows all of our people to reach their full potential.

A diverse workforce is key to our success and we believe in bringing your whole self to work. We welcome all qualified candidates to apply and hope you will choose KPMG in Canada as your employer of choice.

For more information about Inclusion, Diversity & Equity in Recruitment, please click here .

Adjustments and accommodations throughout the recruitment process

At KPMG, we strive for an inclusive recruitment process that allows all candidates to Come As You Are and Thrive with Us.

We aim to provide a positive experience and are ready to offer adjustments or accommodations to help you perform at your best.

Adjustments (an informal request), i.e. extra preparation time or the option for micro breaks during interviews, and accommodations (a formal request), i.

e. accessible communication supports or technology aids are tailored to individual needs and role requirements.

To begin a confidential conversation about adjustments or accommodations at any point throughout the recruitment process, we encourage you to contact KPMG's Employee Relations Service team for support by emailing cdnersteamkpmg.

ca or by calling 1-888-466-4778, Option 3.

For information about accessible employment at KPMG, please visit our accessibility page .

30+ days ago
Related jobs
KPMG
Canada, Canada

The Senior Threat Hunting Lead will be responsible for security threat monitoring, security event triage, and incident response to hunt and assess, monitor, detect, respond and remediate advanced threats. The Senior Threat Hunting Lead is a part of the Information Security Team. Strong technical exp...

Behavox
Canada -
Remote

As part of the Behavox Cyber Security team the Security Incident Response Analyst will monitor, detect, analyze, and mitigate cyber security incidents. Improve and optimization of SIEM security events working on a team dedicated to extraordinary Cyber Security standards. Experience working with Secu...

Coinbase
Canada
Remote

We are looking for a Senior Analyst for International Security within NAMER. Your role includes supporting the build out and execution of International Security first line activities to support ongoing business demands and continued expansion across AMER while collaborating with teams across the com...

Jobber
Canada
Remote

Our Security Analyst, GRC, focuses on the governance side of security and is not a technical security operations position requiring specific technical certifications or experience. This opportunity fits those earlier in their security career, new graduates with internship experience, or those lookin...

Great Canadian Gaming Corp.
Canada, Canada

Business Analyst, User Security (Access Management) Job #62111. Mindwire is currently seeking a Business Analyst (Access Management) to work for our valued Private Sector client. Identify, recommend and implement security solutions, automations and enhancements to improve overall user access managem...

BMO
Canada, Canada

Executes testing to provide insights and recommendations on test results, findings, identified issues, re-performance testing, and continuous improvement insights.Executes testing, monitoring and operational activities of various complexity based on assigned portfolio ensuring adherences to establis...

Promoted
Superprof
Canada

Superprof is Canada's #1 tutoring platform, and we're actively recruiting passionate tutors! Whether you're a student, a professional, or simply someone who loves teaching, join the largest community of tutors worldwide.With Superprof, you can set your own rates, choose between online or in-person t...

Rosewood Hotel Georgia
Canada

Press space or enter keys to toggle section visibility .Courteously greet and escort guests to tables and assist in seating, ensuring hotel's standards of service.Assist in preparing the restaurant for service and maintaining the cleanliness of the room at all times.Liaise with incoming i...

Promoted
Superprof
Canada

Superprof is Canada's #1 tutoring platform, and we're actively recruiting passionate tutors! Whether you're a student, a professional, or simply someone who loves teaching, join the largest community of tutors worldwide.With Superprof, you can set your own rates, choose between online or in-person t...

LXT
Anywhere, ON, CA

Please Note: This is a paid voluntary study.LXT is an emerging leader in AI training data to power intelligent technology for global organizations.In partnership with an international network of contributors, LXT collects and annotates data across multiple modalities with the speed, scale and agilit...