Cyber Incident Response Analyst

Job title/position: Analyst Cyber Incident Response

Function and Business Unit: Technology Assurance - Cyber

Description Of The Role And Purpose Of The Job

KPMG is currently seeking two (2) Cyber Incident Response Consultants, to join our Cyber Security practice. Cyber Security is a part of a wider Technology Assurance practice.

The KPMG Cyber Security practice is one of our fastest growing practices. We are seeing tremendous client demand and looking forward we don't anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and able to thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility and leading market tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be yourself, make an impact, advance your skills, deepen your experiences, and have the flexibility to constantly find new areas of inspiration and expand your capabilities, you will be a good fit for our Cyber Security practice.

You Will Be Exposed To a Range Of Exciting Projects Across Industry Sectors And Service Lines In The Following Areas (the Focus Being Cyber Incident Response And Investigations

Working with KPMG you will consult on client projects, translating business and customer needs into innovative business and technology solutions. You will identify changes and recommend solutions that will typically involve a combination of cyber incident response and security excellence outcomes.

• Digital forensic, cyber incident response and investigations.
• Cyber defence and security assessments.
• Cyber security strategy and governance.
• Cyber transformation.

Key Responsibilities

• Acting as a subject matter expert in the business for specific technology domains.
• Engage in planning, design, implementation, testing, and operation of cyber breach resilience processes and systems on client networks.
• Perform host, network, and mobile device forensics; log analysis; malware triage as part of a cyber incident response team.
• Perform proactive incident response services such as cyber incident response simulation exercises, threat hunting, and compromise assessments.
• Analyse and provide findings on large complex data sets.
• Provide on-site assistance to clients as needed for incident response services.
• Develop next generation cyber resilience solutions that help minimise impact, decrease likelihood, and increase adaptability to cyber threats.
• Deploy and utilise endpoint detection and response (EDR) solutions in response to cyber incidents.
• Analyse, workshop and present insights and recommendations enabled by strategic thinking, technical knowledge and strong and clear communication skills.
• Deliver high quality deliverables and outcomes for our clients.
• Ability to identify potential business development / sales opportunities.
• Report writing.

Skills

Skills and attributes required for the role:

• Experience in investigating cyber security incidents and dealing with associated response measures.
• Advanced experience with industry leading digital forensic analysis tools via graphical and command line interface and with at least one scripting/programming language (Python preferred), and/or extensive experience with data manipulation using tools of your choice.
• Technical proficiency in at least one of these areas: network security/traffic/log analysis; Linux and/or Mac/Unix operating system forensics; Linux/Unix disk forensics (ext2/3/4, HFS+, and/or APFS file systems), advanced memory forensics, static and dynamic malware analysis / reverse engineering, advanced mobile device forensics.
• Understanding of a wide range of information security and IT methodologies, principles, technologies and techniques.
• Ability to collaborate, learn and work with cross functional teams like system administrators, data scientists, architects, and cyber security engineers to customise breach resilient solutions.

Personal Attributes

• Good communication and interpersonal skills.
• Team player
• Ability to adapt, multi-task and work on multiple engagement simultaneously.
• Ability to work under pressure while still delivering high quality work.

Minimum requirements to apply for the role (including qualifications and experience):

• A minimum of 3 - 5 years of experience being part of an incident response team, either holding a formal role, or being able to evidence your contribution to the team.
• Bachelor's degree from an accredited college/university or equivalent experience.
• Experienced in industry computer forensic tools such as X-Ways, EnCase, FTK, Internet Evidence Finder (IEF) / AXIOM, TZWORKS and / or Cellebrite.
• Experience in preservation of digital evidence (including experience in preserving cloud data and handling encryption such as BitLocker, FileVault, and/ or LUKS).

The Following Are Desirable

• EnCase certified Examiner (EnCE).
• Security related certifications such as CISSP, CISA or CISM.
• Incident management certifications such as: CREST certified incident manager (CCIM), GIAC Certified Incident Handler (GCIH).
• Digital forensics certificates such as: CREST certified registered intrusion analyst (CRIA), CREST certified network intrusion analyst (CCNIA), CREST certified host intrusion analyst (CCHIA), CREST certified malware reverse engineer (CCMRE), GIAC Certified (Network) Forensic Analyst (GCFA, GNFA).

Minimum requirements to apply for the role (including qualifications and experience):

• A minimum of 3 - 5 years of experience being part of an incident response team, either holding a formal role, or being able to evidence your contribution to the team.
• Bachelor's degree from an accredited college/university or equivalent experience.
• Experienced in industry computer forensic tools such as X-Ways, EnCase, FTK, Internet Evidence Finder (IEF) / AXIOM, TZWORKS and / or Cellebrite.
• Experience in preservation of digital evidence (including experience in preserving cloud data and handling encryption such as BitLocker, FileVault, and/ or LUKS).

The Following Are Desirable

• EnCase certified Examiner (EnCE).
• Security related certifications such as CISSP, CISA or CISM.
• Incident management certifications such as: CREST certified incident manager (CCIM), GIAC Certified Incident Handler (GCIH).
• Digital forensics certificates such as: CREST certified registered intrusion analyst (CRIA), CREST certified network intrusion analyst (CCNIA), CREST certified host intrusion analyst (CCHIA), CREST certified malware reverse engineer (CCMRE), GIAC Certified (Network) Forensic Analyst (GCFA, GNFA)