DFIR - Assistant Manager

Bengaluru, Karnataka, India

KPMG India

KPMG is a global network of professional firms providing Audit, Tax and Advisory services.


About the Role - We are seeking a highly motivated and skilled Managed Detection and Response (MDR) leader to join our growing team. As this is a techno-leadership, client-facing role, you will be responsible for the delivery, business development, and stakeholder management of our MDR services. You will be a hands-on technical expert who thrives in a fast-paced environment and is passionate about cybersecurity.

Roles and responsibilities

  • Experience leading a team of high-performing Cyber Incident Response & Forensic professionals.
  • Stakeholder management: build and maintain strong relationships with key stakeholders, including customers, executives, and internal teams.
  • Strong attention to detail, with experience in developing and improving processes, playbooks and procedures; a data-aware and data-driven approach to continuous improvement.
  • As the Subject Matter Expert (SME) on cyber security, render guidance on all security incidents and threats. As a senior security expert, the DFIR lead will be the last point of escalation.
  • Contribute to the execution of cyber security incident response and investigations spanning all functions of the DFIR landscape.
  • Lead cyber security incident response as directed by the KPMG standard processes and procedures.
  • Strategically work on expanding the footprint of the KGS DFIR practice. Liaise with IR teams of KPMG member firms and bring visibility and business to KGS.
  • Rapidly and accurately determine the source of a security incident and move quickly to identify and apply containment, mitigation, and remediation steps.
  • Leverage the corporate incident case management solution to document and report on incidents to meet audit, compliance and legal requirements.
  • Conduct in-depth root cause analysis on complex malware and user/system behavior events.
  • Gather and analyze forensic evidence for cyber security incidents and investigations.
  • Design and implement threat and event analysis automation to improve the speed and accuracy of incident identification and mitigation.
  • Develop and document enhanced event analysis and incident response processes and procedures.
  • Carry out end-to-end people management responsibilities for Cyber Response team members. Establish reporting and information-sharing relationships with internal/external organizations.

Desired Skills/Experience:

  • At least 7-10 years of experience in DFIR / Cyber Response / Incident Response.
  • Experience in a large IT environment with a focus on information security, cyber security attacks, tools & techniques, and experience with advanced threat management.
  • Experience with host-based forensic analysis and techniques.
  • Experience conducting malware analysis, using both static and dynamic methodologies.
  • Experience with network intrusion analysis and techniques.
  • Knowledge of configuring and implementing technical security solutions, including SIEM, IDAM, IDS/IPS, EDR, and Cloud Security (Azure, AWS, GCP).
  • Experience with a common scripting or programming language, including Perl, Python, Bash, or PowerShell.
  • In-depth memory analysis experience.
  • Experience with commonly used forensic toolsets, including EnCase, FTK or BlackLight.
  • Red Teaming, Cyber Threat Intelligence and Threat Hunting experience.
  • Knowledge of Security Orchestration, Automation and Response (SOAR).
  • Experience with cyber security automation and orchestration development, including advanced scripting in multiple languages such as Python, Ruby, PowerShell, etc.
  • Experience performing forensic analysis of systems with purpose-built solutions or by manual process and open-source utilities as appropriate.
  • Experience reviewing raw logs and performing advanced data correlation and analysis (e.g. firewall, network flow, IPS, endpoint protection, web application, host OS, database, AAA, etc.).
  • Certifications:
    • Offensive Security Certified Professional (OSCP)
    • SANS 500
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Reverse Engineering Malware (GREM)
    • GIAC Certified Forensic Examiner (GCFE)
    • GIAC Certified Forensic Analyst (GCFA)
    • GIAC Certified Intrusion Analyst (GCIA)
  • CISSP certification or other equivalent certifications related to cyber forensics and incident handling is a plus.

Behavioral / team skills

  • Excellent communication (written, verbal) and interpersonal skills.
  • Flexibility to adapt to a variety of engagement types, working hours, work environments, and locations.
  • Proven ability to work creatively and analytically in a problem-solving environment.
  • Desire to learn and contribute; provide proper training to MDR team members on new technology adopted in managed detection and response.
  • A focused and self-motivated approach to work, providing guidance to team members.
  • Personal drive and a positive work ethic to deliver results within tight deadlines and in demanding situations.
  • Guide security operators/analysts to enhance their technical skills.
Perks/benefits: Team events

Region: Asia/Pacific
Country: India