Threat Hunter
Kpmg India Services Llp
Bengaluru/Bangalore
Not disclosed
Job Details
Job Description
Cyber_MS_MDR_TH - Consultant
Function: KGS Response Team
Position: Threat Hunter
Location: Bangalore/Pune
Qualification
- Bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field. Certification in any SIEM or Threat Intelligence tools would be an added advantage.
Roles and responsibilities
The primary role of a Threat Hunter is to perform analysis, monitoring, and reporting using SIEM tools and Threat Intelligence platforms. The Threat Hunter’s objective is to provide KPMG with relevant threat information to protect KPMG and its customers’ businesses. The Threat Hunter will gather threat information from multiple locations, including deep and dark web sources, and report any threat information they find that is relevant to KPMG’s clients’ businesses. This specific position on the team will focus on collecting and analyzing threat information related to KPMG’s Managed Detection and Response service.
Specifically, the Threat Hunter will:
- Conduct real-time monitoring of attack surfaces and deep and dark web forums to gather threat information relevant to KPMG clients
- Perform threat hunting using various toolsets and based on intelligence gathered
- Develop attack detection and response playbooks and counter-measure definition and strategies to mitigate emerging threats
- Utilize Threat Intelligence and Threat Models to create threat hypotheses
- Plan and scope threat hunting exercises to verify threat hypotheses
- Conduct threat modeling exercises to improve threat detection and mitigation abilities
- Proactively and iteratively search through systems and networks to detect advanced threats
- Analyze host, network, and application logs in addition to malware and code
- Prepare and report risk analysis and threat findings to appropriate stakeholders
- Create, recommend, and assist with development of new security content as the result of hunt missions to include signatures, alerts, workflows, and automation
- Assist with containment of threats and remediation of environment during or after an incident
- Provide situational awareness and understanding of threats related to KPMG or its customers to enhance the decision-making process at the organization level
The ideal candidate will:
- Have at least 60 months of MDR/SOC/Incident response experience in a large IT environment focused on information security
- Act as a workstream participant to support tier-1, tier-2, or tier-3 SOC environments
- Be able to perform tactic-based hunts and provide real-time intelligence during zero-day situations
- Respond to requests for information from clients or customers
- Be a quick learner and adaptable to changing environments
- Deliver timely and high-quality work diligently
- Have strong analytical skills
- Build strong professional working relationships with client personnel
- Have knowledge of implementing or integrating threat intelligence platforms with an MDR/SOC
- Identify issues, opportunities for improvement, and communicate them to an appropriate senior member
Technical skills:
- Experience with SIEM tools (QRadar, Splunk, LogRhythm, Solarwinds, etc.)
- Experience in Azure Sentinel
- Experience in Threat Hunting and third-party CTI sources such as Recorded Future, VirusTotal TI, CrowdStrike TI, etc.
- Minimum of 5 years of experience in IT Security activities
- Minimum of 4 years of operating experience in industry-leading User and Entity Behavior Analytics (UEBA) and Security Orchestration, Automation and Response (SOAR), threat intelligence platforms and tools
- Familiarity with incident response process and activities
- Solid scripting skills (Perl or Python, or Shell)
- Solid understanding of information security domains and information technology
- Must have C|EH or Threat Intelligence related certifications
- One or more technical certifications: (Security+, C|EH, Network+, Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler, or GIAC Reverse Engineering Malware)
- Familiarity with ticketing / ITSM tools
Behavioral/team skills
- Strong investigative mindset with an attention to detail
- Excellent communication (written, verbal) and interpersonal skills
- Superior organizational skills and time management/prioritization
- Flexibility to adapt to a different type of engagement, working hours and work environments, and locations
- Proven ability to work creatively and analytically in problem-solving
- Desire to learn and contribute
- A focused and self-motivated approach to work
- Ability to provide guidance to team members
- Personal drive, positive work ethic to deliver results within tight deadlines and in demanding situations
- Ability to guide security operators/analysts to enhance their technical skills
Experience Level
Senior Level
Job role
Work location
Bangalore, Karnataka, India
Department
IT & Information Security
Role / Category
IT Security
Employment type
Full Time
Shift
Day Shift
Job requirements
Experience
Min. 5 years
About company
Name
Kpmg India Services Llp
Job posted by Kpmg India Services Llp