Senior Threat Hunting Lead
KPMG
Overview
At KPMG, you’ll join a team of diverse and dedicated problem solvers, connected by a common cause: turning insight into opportunity for clients and communities around the world.
The Senior Threat Hunting Lead is a part of the Information Security Team and is primarily responsible for gathering specific threat intelligence, leading the response to and resolution of security incidents, and performing threat hunts across all environments, including both on-premise and cloud (Azure, AWS, GCP). The role will contribute to the Security Operations Team and their mandates.
The role requires an in-depth understanding of Threat Intelligence platforms, Threat Hunting methodologies and expertise in leveraging associated tools.
What you will do
The Senior Threat Hunting Lead will be responsible for security threat monitoring, security event triage, and incident response to hunt, assess, monitor, detect, respond to and remediate advanced threats. The analyst will also perform investigations to identify root cause, potential gaps, exploitation and other techniques used to bypass security controls, and to mitigate the resulting risks.
The Senior Threat Hunting Analyst will be the key point of contact for security incidents, anomalies and investigations.
Responsibilities include, but are not limited to:
- Manage relationships with Threat Intel teams, Global and Regional Security Operations teams and Canadian Technology groups
- Manage, investigate and delegate incidents reported by the SOC, Threat Intel teams, end users and security monitoring tools
- Oversee and lead all reported incidents to completion, ensure incidents are appropriately remediated
- Create and present incident reports to both the Senior Manager and the CISO Office
- Train incident responders to perform threat hunts and improve the incident response process
- Perform threat hunting across all environments, including on-premise and cloud (Azure, AWS, etc.).
- Perform advanced threat hunting queries to identify unknown threats and new Indicators of Compromise (IOCs).
- Propose, develop and implement new SIEM use cases based on threat intelligence and landscape
- Act as the Security Lead on projects to ensure security objectives are met and risks are mitigated
- Liaise with threat intelligence teams and partners to obtain intel and guide threat hunting activities.
- Conduct host and network forensic analysis of systems to identify root cause, impact, and Indicators of Compromise (IOCs).
- Conduct all-source collection and research; analyze, evaluate, and integrate data from multiple cyber threat intelligence sources.
- Develop automation scripts/code to aid and introduce efficiencies in routine IR tasks.
- Perform real-time triaging on security alerts that are populated in a Security Information and Event Management (SIEM) system, Web filtering, ATP/MDE, Azure Security Center or Prisma Cloud.
- Monitor and analyze a variety of network, cloud, and host-based security appliance logs (Firewalls, IPS, NAC, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident.
- Independently follow procedures to contain, analyze, and eradicate malicious activity.
- Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
- Perform malware analysis to determine new IOCs and impact.
- Forensic examination of assets to determine scope of incident and if/what data exfiltration occurred
- Ensure that the security posture of the enterprise cloud environment, delivered across multiple cloud platforms, meets and exceeds agreed industry-recognized frameworks and standards.
- Assist with operational tickets, incident response, project activities and ad-hoc requests
- Interpret and summarize technical information for presentation to non-technical business contacts.
Position may require on-call and after-hours work, as needed to support KPMG business needs.
What you bring to the role
- Excellent verbal and written communication skills, must be able to write/present to senior leadership with impact.
- 3 years of experience in Incident Response / Computer Forensics / Network Forensics / Threat Hunting and Threat Intel or related fields.
- 1-2 years scripting/programming experience preferred e.g. Python, PowerShell, SQL, KQL.
- Hands-on experience with at least 1 EDR solution such as Carbon Black or MDE.
- Strong technical experience in the implementation and maintenance of security processes, including threat event lifecycle management, Threat Hunting, and Threat Intelligence activities
- Technical proficiency with MITRE ATT&CK Framework and how it’s used to assess, enhance, and test security monitoring, threat detection, and mitigation activities.
- Understanding of frameworks such as NIST, RMF, ISO etc.
- Experience with cyber threat actor attribution and their associated tactics, techniques, and procedures (TTPs).
- Experience with public Cloud platforms (AWS, Azure, GCP).
- Good understanding of SOC, Cloud operations, security, automation, and orchestration. Previous SOC experience is preferred.
- Understanding of possible attack activities such as network probing/scanning, DDoS, APT, malicious code activity, reverse engineering, malware analysis, etc.
- Knowledge in security platforms such as Cisco, Palo Alto NGFW, Proofpoint, Qualys, SIEM, EDR, DLP, etc.
- Minimum of 2 years of experience in security technologies such as: Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, Penetration Testing, etc.
- GCIH, GCFA, GCFE, GNFA along with CISSP or other similar security certifications are an asset.
- Knowledge of current security trends, threats and mitigations.
Providing you with the support you need to be at your best
For more information about KPMG in Canada’s Benefits and well-being, click here.
Our Values, The KPMG Way
Integrity, we do what is right | Excellence, we never stop learning and improving | Courage, we think and act boldly | Together, we respect each other and draw strength from our differences | For Better, we do what matters
KPMG in Canada is a proud equal opportunities employer and we are committed to creating a respectful, inclusive and barrier-free workplace that allows all of our people to reach their full potential. A diverse workforce is key to our success and we believe in bringing your whole self to work. We welcome all qualified candidates to apply and hope you will choose KPMG in Canada as your employer of choice. For more information about Inclusion, Diversity & Equity in Recruitment, please click here.
Adjustments and accommodations throughout the recruitment process
At KPMG, we strive for an inclusive recruitment process that allows all candidates to Come As You Are and Thrive with Us. We aim to provide a positive experience and are ready to offer adjustments or accommodations to help you perform at your best. Adjustments (an informal request), e.g. extra preparation time or the option for micro breaks during interviews, and accommodations (a formal request), e.g. accessible communication supports or technology aids, are tailored to individual needs and role requirements.
To begin a confidential conversation about adjustments or accommodations at any point throughout the recruitment process, we encourage you to contact KPMG’s Employee Relations Service team for support by emailing cdnersteam@kpmg.ca or by calling 1-888-466-4778, Option 3.
For information about accessible employment at KPMG, please visit our accessibility page.