Manager, Cyber Defence

Overview
At KPMG, you'll join a team of diverse and dedicated problem solvers, connected by a common cause: turning insight into opportunity for clients and communities around the world.

Are you a talented individual with a proven track record on executing project deliverables.

Our Toronto team is looking for a highly motivated Cyber Security professional at a Manager level to join our team! As a member of KPMG Canada's cross-functional Cyber team, you will be dedicated to the defense and protection of our client critical data, systems, and assets th rough cyber defense and incident response services.

A career within our Cyber Security practice will provide you with the opportunity to help our clients implement robust cybersecurity programs that protects against threats, propels digital and business transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organizations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.

KPMG's Cyber team has received tremendous investment and has been identified as a transformational part of the firm to deliver growth over the next five years. This is an excellent opportunity for those that are looking to stay ahead of the curve and work in a firm with unparalleled career progression opportunities.

What you will do
As a Manager you'll work as part of a team of problem solvers with extensive consulting and industry experience, supporting our technical engagement team and leveraging your expertise on Incident Response projects and tasks. Specific responsibilities include but are not limited to:

• Engage with a variety of clients on incident response engagements ranging and tasks from operating system security, cloud and network security, cryptography, software security, malware analysis, digital forensics for incident response activities, security operations, and emergent security intelligence;
  
• Perform incident response and cyber investigations. These engagements will require urgent organization, configuring needed toolsets, and communication with the client;
• Leverage forensic tools to on incident response collect, process and analyze computer based evidence (host and network based). Use end-point detection and response (EDR) tools to investigate, monitor and triage potentially compromised end-points;
• Perform digital forensic evidence collection throughout the incident response phases, extensive log analysis and meta-data analysis;
• Perform operating system and hard drive digital forensic evidence analysis;
• Analyze results from tools and determine: indicators of compromise (IOCs), root cause of compromise, possible attack vectors, potential threat actors and the overall risk/threat the client is facing;
• Provide recommendations and advise on steps to mitigate the current attack, present risks and remediate the potentially vulnerable environment and remove the ability of ongoing/future attacks;
• Analyze results of assessment and create technical accurate and articulate reports in a business professional language, to be shared with technical stakeholder, executive stakeholders and potentially third parties;
• Leverage out-of-the-box thinking to tackle and overcome complex client challenges;
• Remain current on the threat landscape, including common and recent threats. Keep your team and clients informed on relevant threat and attack vectors on an on-going basis;
• Contribute to the KPMG Incident Response team's practice development by actively supporting a Cyber/Forensics lab, writing whitepapers, conducting and sharing research, actively assisting with business development opportunities.

What you bring to the role

• Undergraduate degree in Computer Science, Information Technology, or related field;
• Completion of at least one relevant certification such as GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Examiner (GCFE), EnCase Certified Examiner (EnCE), CCFP ISC(2) or similar;
• 5+ years of experience with incident response, preferably in a consulting environment. Internal CSIRT experience will also be considered;
• 5+ years of experience with forensic data collection with technical network, hard drive, and operating systems. Candidates should also have experience with collecting data from cloud platforms for investigations that involve SaaS and PaaS;
• Experience working on consulting incident response engagements with clients, including post-incident reviews;
• Cyber investigation and threat hunting experience;
• Ability to identify and create IOCs (Indicators of Compromise) from performing forensic analysis activities, articulate IOC in technical formats, and present them to stakeholders;
• Hands-on experience and working knowledge of at least one common industry leading or open-source forensic software application (e.g. EnCase, FTK, Autopsy, Magnet Axiom, Cellebrite, Magnet IEF/Axiom) and techniques to capture and process electronic data from computers, virtual machines, external media, networks and mobile data devices;
• Hands on experience with the installation and configuration of End-Point Detection and Response tools, such as Carbon Black, Sentinel One, CrowdStrike Falcon or Elastic Stack;
• Strong knowledge of common attack vectors, initial compromise, lateral movement, privilege escalation and data exfiltration techniques;
• Knowledge of operating systems, networking, web protocol, and cloud architecture;
• Ability to perform log, host and network-based traffic monitoring and analysis, across varying devices, platforms and formats;
• Ability to perform hard drive digital forensics within the incident response phases, across various file and device formats, including Windows and Linux operating systems and mobile device.
• Ability to fulfill regular on-call responsibilities, as part of a team, for urgent incident response activities.
• Master's Degree within a specialization in Cyber Security, Digital Forensics or a related field is advantageous;
• Completion of any additional Cyber Security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or similar would be advantageous.;
• Hands-on experience incident response and log analytics tools, such as Elastic, Log Stash and Kibana, Sumo Logic, Splunk, etc. Familiarity with multiple open-source tools for data and log analysis;
• Reverse engineering experience on various types of malware, including ransomware, malicious droppers, trojans, customized and obfuscated malicious scripts and other types of malicious files will be advantageous;
• Experience with forensic evidence handling and chain-of-custody procedures and knowledge of potential litigation requirements;
• Experience with programming languages (C, C#) and scripting languages (e.g. Python and Go) and familiar with Bash and PowerShell;
• Experience in other technical Cyber Security domains, such as Penetration Testing, Red Teaming, Security Operation Centre (SOC) or Blue Teaming;
• Able to create solutions and modify your tools, plugins and scripts appropriately to problem at hand;
• Knowledge of common threat actor TTPs (tools, techniques and procedures and how they relate to the stages of the MITRE ATT&CK® Framework.

Providing you with the support you need to be at your best
Our Values, The KPMG Way
Integrity, we do what is right | Excellence, we never stop learning and improving | Courage, we think and act boldly | Together, we respect each other and draw strength from our differences | For Better, we do what matters

KPMG in Canada is a proud equal opportunities employer and we are committed to creating a respectful, inclusive and barrier-free workplace that allows all of our people to reach their full potential. A diverse workforce is key to our success and we believe in bringing your whole self to work. We welcome all qualified candidates to apply and hope you will choose KPMG in Canada as your employer of choice.

Adjustments and accommodations throughout the recruitment process
At KPMG, we are committed to fostering an inclusive recruitment process where all candidates can be themselves and excel. We aim to provide a positive experience and are prepared to offer adjustments or accommodations to help you perform at your best. Adjustments (informal requests), such as extra preparation time or the option for micro breaks during interviews, and accommodations (formal requests), such as accessible communication supports or technology aids, are tailored to individual needs and role requirements. You will have an opportunity to request an adjustment or accommodation at any point throughout the recruitment process. If you require support, please contact KPMG's Employee Relations Service team by calling 1-888-466-4778.