The Consulting business at KPMG Global Services (KGS) is a diverse team of more than 6400 professionals. We work with KPMG Firms worldwide to transform the businesses of clients across industries through the latest technology and innovation. Our technology professionals combine deep industry knowledge with strong technical experience to navigate through complex challenges and deliver real value for our clients.
Through your work, you'll build a global network and unlock opportunities that you may not have thought possible with access to great support, vast resources, and an inclusive, supportive environment to help you reach your full potential.
Educational qualifications
Bachelor's degree in Computer Science / Cyber Security / IT or related field
Relevant certifications (preferred):SC-200, AZ-104, AZ-900, ISC2 CC, DFIR-focused certifications
Work experience
3-5 years of experience in:
Incident Response / SOC / Threat Hunting / Digital Forensics / Device Security
Experience in global client engagements (US/UK/Europe)
Mandatory technical & functional skills
Incident Response lifecycle (Detect Respond Recover)
Digital Forensics (especially Windows endpoint artifacts)
Threat Hunting methodologies and hypothesis-driven analysis
Hands-on experience in:
SIEM tools (Microsoft Sentinel, Kibana)
EDR tools (Microsoft Defender, SentinelOne, CrowdStrike - exposure)
Knowledge of:
SOC operations, alert triage, and monitoring
Email security incidents (BEC, phishing investigations)
Strong:
Analytical and problem-solving skills
Technical report writing and documentation skills
Communication and stakeholder engagement skills
Preferred technical & functional skills
Exposure to:
Threat Intelligence integration and enrichment
Cloud security monitoring (Azure / Microsoft 365)
Identity-related attack scenarios (IAM abuse, privilege escalation)
Familiarity with:
IAM tools (SailPoint, Ping, CyberArk)
Network/security tools (Palo Alto, Vectra)
Experience in:
Automation, scripting, or notebook-based investigations (Jupyter)
Roles & responsibilities
Core Delivery
Execute digital forensics and incident response (DFIR) engagements across endpoints, logs, and cloud environments
Perform security incident triage, investigation, containment, eradication, and recovery activities
Conduct threat hunting using SIEM, EDR, and network telemetry tools (e.g., Microsoft Sentinel, Defender, Palo Alto, Vectra)
Analyze Business Email Compromise (BEC) and Microsoft 365 audit logs to identify attack vectors and impact
Perform endpoint forensic analysis (Windows-based) and artifact review to support investigations
Analysis & Reporting
Perform log analysis, Google Takeout analysis, and data repository investigations.
Develop incident investigation reports, executive summaries, and technical findings
Document attack timelines, root cause analysis, and remediation recommendations
Support audit and compliance evidence preparation (CMA, SOPs, playbooks)
Operations & Engineering Support
Assist in SOC operations, detection tuning, and use case development
Support automation and improvement of IR processes and playbooks
Contribute to security tooling usage (SIEM, EDR, forensic tools) and optimization
Client & Stakeholder Engagement
Participate in client discussions, incident briefings, and presentations
Collaborate with global teams on incident response and threat intelligence sharing
Provide actionable insights to improve client security posture
Extended Responsibilities
Conduct tabletop exercises and adversary simulation scenarios to identify detection gaps
Support code repository and sensitive data exposure analysis
Contribute to knowledge management, documentation frameworks, and IR tracking improvements
Participate in proposal development / capability building