Naukrijobs UK

Cyber Incident Response - Assistant Manager

Job Location: London, South East England
Education: Not Mentioned
Salary: Competitive salary
Industry: Not Mentioned
Functional Area: Not Mentioned
Job Type: Permanent, full-time

Job Description

The Team

We are looking for a cyber incident responder. You will demonstrate a strong technical background, with experience in incident response and digital forensics, and be looking to grow your skills and experience. You will be expected to lead one or two analysts to achieve a task in a project, as well as have the opportunity to work with, and learn from, our most experienced team members as part of your continuous development.

This is a hands-on role with opportunities to grow into management. The successful candidate is expected to manage cyber-security incidents as well as perform digital forensics (disk, volatile memory, network packets, log files) and help advance KPMG's proprietary in-house toolkit.

Unfortunately, cyber attackers don't work 9 to 5, and it's often the case that we don't either. There is therefore an expectation for flexibility with working hours. In return, we will support flexible working hours to allow you to catch up.

When not responding to incidents, you will help our clients to build their in-house incident response capabilities, which will include: building and developing cyber-response tools, authoring and adapting runbooks/playbooks, assessing incident response maturity, and assisting in table-top cyber-scenario exercises.

The role will be working in the Cyber Response Services (CRS) Team within our Connected Technology Risk Consulting practice. You will be tagged to our National Markets team, which has a presence in our Manchester, Leeds, Bristol, Birmingham and London offices. You will work very closely with the CRS team across the country.

The Role

Your responsibilities will include:

- Helping to manage and co-ordinate client cyber security incidents, working closely with the incident management lead within the team.
- Digital forensics of relevant incident data (disk, volatile memory, network packets, log files).
- Maintaining a current view of the cyber threat, and being able to advise clients on the threat landscape and attacks which may be relevant to them.
- Developing KPMG's in-house cyber-response tools.
- Helping assess client incident response capability maturity.
- Helping stand up or improve clients' own incident response capabilities.
- Helping with project management of engagements to deliver high quality work in a timely manner, including:
  a) Scoping
  b) Basic financial management
  c) Engagement and risk management
  d) Production and review of deliverables.
- Liaising with clients on delivery, implementation and sales.

The Person

KPMG is looking for someone who is passionate about helping our clients with their cyber security challenges, often at a time of critical need. This position is well suited for an individual with 3 to 5 years of experience in cyber-security and incident response. For example: a very common type of incident is ransomware on a single workstation/laptop. You should be able to guide a client through a structured incident response process - triage, containment, eradication and recovery. If you are provided with forensic data such as a disk image, memory image and network data capture or proxy logs, you should be able to identify malware artefacts and the source of infection, and use online research to identify the malware family.

Additionally, we would expect you to have:

- A broad understanding of the cyber security threat landscape.
- Strong technical background in computers and networks, and programming skills.
- Experience of dealing with cyber security incidents and associated response measures.
- Experience of being part of an incident response team, either holding a formal role, or being able to evidence your personal contribution to the team.
- Understanding of a wide range of information security and IT methodologies, principles, technologies and techniques.
- A genuine interest and desire to work in the information security field.
- Standing and positive reputation in the information security community is seen as a plus.

Don't worry if you can't tick every point. What is more important is a good competency in incident management, but with a developing competency and keen interest in digital forensics, or vice versa.

What qualifications and skills are we after

The successful candidate will demonstrate competency in computing and networks as well as in cyber-security, either by having the relevant work experience, completed a degree or obtained an industry-relevant certification. Therefore, what we list below should be seen as a means to demonstrate competency and not a requirement:

- Excellent communication skills (both written and oral) and project management skills. You will be expected to draft jargon-free memos post-incident for clients.
- Strong IT and network skills - knowledge of common enterprise technologies - Windows and Windows Active Directory, Linux, Cisco, etc.
- Working programming skill-set to be able to author and develop tools. Most in-house security tools in KPMG are written in Python, but we accept that a competent programmer will be able to transfer skillsets across languages.
- Technical proficiency in at least one of these areas:
  a) Network security/traffic/log analysis;
  b) Linux and/or Mac/Unix operating system forensics;
  c) Linux/Unix disk forensics (ext2/3/4, HFS+, and/or APFS file systems);
  d) Advanced memory forensics;
  e) Static and dynamic malware analysis / reverse engineering; and/or
  f) Advanced mobile device forensics
- Experience with and understanding of enterprise Windows security controls
- Advanced experience in industry computer forensic tools such as X-Ways, EnCase, FTK, Internet Evidence Finder (IEF) / AXIOM, TZWorks, and/or Cellebrite
- Advanced experience in preservation of digital evidence (including experience preserving cloud data and handling encryption such as BitLocker, FileVault, and/or LUKS)

We would also prefer you to have the following under your belt, but it's not essential:

- (Preferred) General information security certificates such as CISSP, CISM or CISA.
- (Preferred) Incident management certifications, such as:
  a) CREST certified incident manager (CCIM); or
  b) GIAC Certified Incident Handler (GCIH)
- (Preferred) Digital forensics certificates such as:
  a) CREST certified registered intrusion analyst (CRIA);
  b) CREST certified network intrusion analyst (CCNIA);
  c) CREST certified host intrusion analyst (CCHIA)
  d) CREST certified malware reverse engineer (CCMRE); and/or
  e) GIAC Certified (Network) Forensic Analyst (GCFA, GNFA)


© 2019 Naukrijobs All Rights Reserved