Information Security Engineer Content Development

Job Description

Job description The TeamITS Global (Information Technology Services Global) is one of four pillars within KPMGs Global Technology & Knowledge group. As such, ITS Global provides innovative components that KPMGs business functions and member firms use to deliver client-facing solutions. ITS Global also provides the information protection and technology infrastructure that secures KPMGs technology environment and connects its network of member firms. ITS Global works with the other GT&K pillars to provide KPMG technology solutions that leverage world-leading partnerships, disruptive digital capabilities and access to the firms collective intelligence.KPMGs IPG Manages Security Services (IMSS) helps defend KPMG and its clients from cyber-attacks, through timely detection, investigation and remediation of potential threats.The RoleThe role holder is responsible for the continuous development of content management, correlation rules and reporting, providing technical insight into current and emerging threat activity based on threat modelling tools and techniques.Subject Matter Expert for Cyber Security monitoring, managing the delivery of all content management for detecting threats aligned with the Mitre Att&ck Framework and Cyber Kill Chain utilizing native Microsoft security monitoring solutions.• Ensure all continuous improvement such as adding new types of detection logic, use cases, intelligence and data enrichment feed and log type• Attend content meetings with IMSS operational team to review Security Incidents and collaborate on content tuning• Ensure all content rule changes are handle to the required IMSS standards and KPIs• Improve and challenge existing processes and procedures in a very agile global and fast-moving information security environment.• Responsible for identifying & profiling current and emerging threats.• Communicates with management on Threat landscape; able to own and adhere to threat modelling lifecycle.• Maintain documentation on residual risk, along with assignment of leadership owners and recommended steps for remediation.Skills, Experience & Qualifications• Possesses experience with Microsoft Azure Security monitoring solutions including configuration and management of;Microsoft Azure SentinelMicrosoft Defender Advanced Threat Protection (MDATP)Microsoft Cloud App Security (MCAS)Azure Security Centre (ASC)Azure Advanced Threat Protection (AATP)• Solid understanding of log management (format, storage, transport, etc.) and different types of log sources• Experience with Azure and O365 management and security logging capabilities• Experience with content management and writing detection logic on security event platforms• Experience with Query Languages (e.g. KQL)• Scripting or programming experience in Python/Powershell• In depth knowledge of Linux OS and Windows OS• Understanding of security vulnerabilities in common operating systems, web and applications, including knowledge of remediation procedures.• Solid technical background in a hosted services environment - physical and cloud infrastructure, networks, hardware and software.• Experience with configuring and using automated monitoring tools• Experience integrating on premise and cloud solutions (Hybrid Azure Infrastructure).• Advanced understanding of information security, border protection, incident handling & response, forensics, endpoint protection & encryption• Experience of working in a high volume and result-oriented operational environment.• Experience of working in high performing teams and understand the dynamics of teamwork in a SOC environment.• Excellent written and oral communications. Experience working with vendors and various solution providers• Able to evaluate current people, processes, technology, and business drivers to improve the IMSS.• Demonstrated ability to document processes and procedures.• Strong ability to communicate write clearly and speak authoritatively to different audiences