Monitoring Analyst - Security

Date: Oct 21, 2021

Location: Watford, United Kingdom

Company: KPMG UK

Monitoring Analyst (D)
Reports into: Security Monitoring Lead

The Team/Role:
Working as part of the KPMG Security Operations Centre team within Information Security, you will play a key role in ensuring that the business IT systems are protected and monitored from threats. You will participate in the active monitoring of applications, systems and networks to detect issues and ensure that appropriate actions are taken as part of the Incident Response process.

Key Responsibilities

• Proactively monitor the network security sensors ensuring timely detection, investigation and remediation of potential threats in line with the incident management lifecycle
• Use the advanced security analytics toolsets to monitor for emerging threat patterns and vulnerabilities, attempted or successful breaches
• Work closely with other KPMG teams to ensure that all technologies are actively monitored, including troubleshooting where necessary
• Interact with the Global Security Operations Centre (GSOC), including Incident response and intelligence sharing, escalating to management where required
• Triage and manage incidents, events and queries from the business to the relevant resolver group
• Contribute to the Continual Service Improvement of the team's operations through proactive analysis, engagement and collaboration
• Detect, respond and coordinate response for security events while capturing essential details and artefacts
• Operationalise actionable intelligence reports from Threat Intelligence team and external sources
• Maintain event response documentation, participate in post-mortems, and write event reports
• Contribute to projects that enhance the security posture of KPMG
• Identify trends, potential new technologies, and emerging threats, which may impact KPMG
• Review and prioritise alerts based on Standard Operating Procedures
• Review and triage suspected security events reported by staff members or Security Monitoring platforms
• Accurately document work in Incident case management system as per defined standards
• Leverage multiple data sources to analyse detection alerts and staff reported cyber-attacks to identify which events require response activities based on Standard Operating Procedures
• Declare an incident and escalate it to Incident Response team, ensuring findings have been accurately captured in the Incident case management system as per defined standards
• Ensure that cases are accurately categorised so that appropriate feedback is provided to the Detection and Response Engineering team and to facilitate reporting
• Identify and record gaps in visibility and security posture through the course of investigations as per defined Standard Operating Procedures
• Identify potential new detection logic and escalate to the Detection and Response Engineering team
• Hunt for atomic threat indicators from log data and other available endpoint/network artefacts
• Actively participate in Red/Purple Team exercises

The Person

• Hands-on experience working in Information Security with a mature understanding of Cyber security principles
• Hands-on experience within a Security Operations Centre is beneficial
• Familiarity with AWS and Azure environments and the security toolsets used in these environments
• Proven ability with Security Incident and Event Management (SIEM) systems
• Experience with intrusion detection/prevention systems, including Advanced Threat Protection
• Experience with vulnerability management tools and methodologies
• Good understanding of the different networking technologies and authentication protocols
• Practical and current knowledge of the Cyber Security threats landscape
• Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute)
• Knowledge of adversarial tactics, techniques, and procedures
• Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
• Knowledge of computer networking concepts and protocols, and network security methodologies
• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
• Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored)
• Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks)
• Knowledge of encryption algorithms
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services

Soft skills and experience

• Experience of working within a Cyber Security operations environment
• Proven customer service skills and experience
• Ability to read and interpret data including security, system, application and device specific logs
• Excellent analytical skills and solutions-oriented approach
• Ability to work in high-demand, busy environments
• Ability to quickly learn new technologies and systems; a methodical and accurate approach is essential
• Ability to develop and maintain effective working relationships with members of the different KPMG teams in the UK and globally