Consultant/Senior Consultant Cyber Security - Incident Response
- Toronto, ON
- Permanent
- Full-time
What you will do
- Gather, analyze and maintain data to support investigative, risk and mitigation efforts.
- Lead computer and network forensic investigations and cyber incident response engagements through log analysis, malware triage and binary reverse engineering.
- Independently perform digital forensic analysis on various platforms and mobile devices using forensic tools such as, but not limited to, EnCase, Magnet Axiom and Cellebrite.
- Utilize and analyze results from incident response and forensic tools to assess host and network-based artifacts.
- Develop incident investigation and digital forensic reports articulating technical investigations.
- Leverage out-of-the-box thinking to tackle and overcome client challenges.
- Contribute to continued development of the Cyber Response team, supporting internal development opportunities and process enhancement.
- Actively contribute to thought leadership and business development campaigns.
- Remain up to date on computer forensic and cyber incident trends and technologies through testing and research.
- Fulfill regular on-call responsibilities.
What you bring
- Undergraduate degree in Computer Science, Information Technology, or a related field.
- A minimum of three years of previous incident response or CSIRT experience is desired.
- Hands-on experience with various security tools, including log management, web proxies, endpoint protection platforms, etc., is preferred.
- Completion of relevant certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA), EnCase Certified Examiner (EnCE), (ISC)² Certified Cyber Forensics Professional (CCFP) or similar.
- Minimum of two years of experience using forensic software applications (e.g. EnCase, FTK, Autopsy, Magnet IEF/Axiom, Cellebrite, Wireshark, OpenVAS, Snort) and techniques to capture electronic data from computers, external media, networks and mobile devices.
- Experience in an advisory or external consulting capacity or as a corporate incident response handler will be a plus.
- Hands-on computer forensic experience, such as Windows, Unix and/or Linux disk and memory forensics, host- and network-based security monitoring, traffic and log analysis, and static and dynamic malware analysis, in support of incident response investigations and possible litigation, with an understanding of evidence handling procedures.
- Familiarity with Endpoint Detection and Response (EDR) tools such as CrowdStrike, Carbon Black, Microsoft Defender for Endpoint and/or SentinelOne.
- Familiarity with Splunk, Azure Sentinel or QRadar for incident response is preferred.
- Familiarity with and up-to-date knowledge of common threat actor TTPs (tactics, techniques and procedures) and how they map to the tactics of the MITRE ATT&CK® framework. Familiarity with Internet security issues, cloud architectures, and the threat landscape.
- Knowledge of incident response for O365 and Google Workspace productivity tools will be considered a plus.
- Knowledge of AWS, GCP and Azure cloud environments, and performing investigations in the cloud will be considered a plus.
- Demonstrated technical knowledge, specifically in the fields of operating system security, network security, cryptography, software security, malware analysis, forensics, security operations, incident response, and emergent security intelligence.
- Demonstrated passion to learn and thrive in a dynamic and constantly changing environment.
- Demonstrated strong knowledge of web protocols and common attacks, and in-depth knowledge of Linux/Unix tools and architecture.