Overview:
At KPMG, you’ll join a team of diverse and dedicated problem solvers, connected by a common cause: turning insight into opportunity for clients and communities around the world.
Are you a talented leader with a proven track record for motivating teams and delivering exceptional client service?
We are looking for a talented individual at the Senior Manager level to join KPMG’s Cyber Response practice based in Canada. The successful individual will be driven, and results oriented, with a strong focus on client relationships. This individual will possess a strong interest in computer forensics and cyber incident response analysis.
KPMG’s Cyber Response team is one which has received tremendous investment and has been identified as a transformational part of the firm to deliver growth over the next five years. It is an excellent opportunity for those that are looking to work in a firm with unparalleled career progression opportunities. Find out more about Cyber Response.

What you will do:

• Lead and manage computer and network forensic investigations and cyber incident response engagements through managing a team of incident responders as well as hands-on log analysis, malware triage, binary reverse engineering.
• Gather, analyze and maintain data to support investigative, risk and mitigation efforts
• Demonstrate deep technical knowledge, specifically in the fields of operating system security, network security, cryptography, software security, malware analysis, forensics, security operations, incident response, and emergent security intelligence
• Independently perform digital forensics on various platforms and mobile devices utilizing various forensic tools such as, but not limited to EnCase, Autopsy, Magnet Axiom and Cellebrite
• Exposure to Endpoint Detection and Response (EDR) tools such as Crowdstrike, SentinelOne or Microsoft Tool stacks.
• Familiarity and up to date knowledge of common threat actor TTPs (tools, techniques and procedures and how they relate to the stages of the MITRE ATT&CK® Framework. Understanding of Internet security issues, cloud architectures, and threat landscape
• Utilize and analyze results from incident response and forensic tools to assess host and network-based artifacts.
• Develop incident investigation and digital forensic reports articulating technical investigations
• Leverage out-of-the-box thinking to tackle and overcome client challenges.
• Remain up-to-date on computer forensic and cyber incident trends and technologies through testing and research.
• Actively contribute to thought leadership and business development campaigns.
• Communicate effectively at multiple levels of sensitivity, and multiple audiences.
• Demonstrate passion to learn and thrive in a dynamic and constantly changing environment.
• Fulfill regular on-call responsibilities
• Demonstrated strong knowledge of web protocols, common attacks, and an in-depth knowledge of Linux/Unix tools and architecture
• You will help establish and promote KPMG’s brand profile within the industry.
• Your proven leadership skills will contribute to continued development of the Cyber Response team and practice, supporting internal development opportunities and offering and process enhancement.
• Play a leading role in business development efforts including proposals, marketing material, and internal and external presentations
• Assist with maintaining and growing relationships with cyber insurers, lawyers and other stakeholders in the cyber incident response industry.
• Promote an open-door culture which will allow the Cyber Response team members to learn and develop through mentorship and coaching
• Actively engage in coaching and mentoring junior team members to foster their professional growth and development.

What you bring to this role:

• Undergraduate degree in Computer Science, Information Technology, or related field.
• A minimum of five years of previous incident response or CSIRT experience is desired.
• Hands-on experience with various security tools including log management, web proxies, endpoint protection platforms, etc is preferred.
• Completion of relevant certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Examiner (GCFE), EnCase Certified Examiner (EnCE), CCFP ISC(2) or similar.
• Minimum of five years of experience with using forensic software applications (e.g. EnCase, FTK, Autopsy, Magnet Axiom, Cellebrite, Wireshark, OpenVAS, Snort, Magnet IEF/Axiom) and techniques to capture electronic data from computers, external media, networks and mobile data devices.
• Experience in an advisory or external consulting capacity or as a corporate incident response handler will be a plus
• Experience in overseeing projects from inception to completion within strict timeframes and budgets.
• Hands-on computer forensic experience such as Windows, Unix and or/Linux disk and memory forensics, Host and Network-based security monitoring, traffic and log analysis and static and dynamic malware analysis in support of incident response investigations and possible litigation with an understanding of evidence handling procedures.
• Interest or expertise in Machine Learning/AI as it pertains to cybersecurity.
• Familiarity with cloud solutions (AWS, Azure, etc.) and their security implications.

What you will do:

• Lead and manage computer and network forensic investigations and cyber incident response engagements through managing a team of incident responders as well as hands-on log analysis, malware triage, binary reverse engineering.
• Gather, analyze and maintain data to support investigative, risk and mitigation efforts
• Demonstrate deep technical knowledge, specifically in the fields of operating system security, network security, cryptography, software security, malware analysis, forensics, security operations, incident response, and emergent security intelligence
• Independently perform digital forensics on various platforms and mobile devices utilizing various forensic tools such as, but not limited to EnCase, Autopsy, Magnet Axiom and Cellebrite
• Exposure to Endpoint Detection and Response (EDR) tools such as Crowdstrike, SentinelOne or Microsoft Tool stacks.
• Familiarity and up to date knowledge of common threat actor TTPs (tools, techniques and procedures and how they relate to the stages of the MITRE ATT&CK® Framework. Understanding of Internet security issues, cloud architectures, and threat landscape
• Utilize and analyze results from incident response and forensic tools to assess host and network-based artifacts.
• Develop incident investigation and digital forensic reports articulating technical investigations
• Leverage out-of-the-box thinking to tackle and overcome client challenges.
• Remain up-to-date on computer forensic and cyber incident trends and technologies through testing and research.
• Actively contribute to thought leadership and business development campaigns.
• Communicate effectively at multiple levels of sensitivity, and multiple audiences.
• Demonstrate passion to learn and thrive in a dynamic and constantly changing environment.
• Fulfill regular on-call responsibilities
• Demonstrated strong knowledge of web protocols, common attacks, and an in-depth knowledge of Linux/Unix tools and architecture
• You will help establish and promote KPMG’s brand profile within the industry.
• Your proven leadership skills will contribute to continued development of the Cyber Response team and practice, supporting internal development opportunities and offering and process enhancement.
• Play a leading role in business development efforts including proposals, marketing material, and internal and external presentations
• Assist with maintaining and growing relationships with cyber insurers, lawyers and other stakeholders in the cyber incident response industry.
• Promote an open-door culture which will allow the Cyber Response team members to learn and develop through mentorship and coaching
• Actively engage in coaching and mentoring junior team members to foster their professional growth and development

What you bring to this role:

• Undergraduate degree in Computer Science, Information Technology, or related field.
• A minimum of five years of previous incident response or CSIRT experience is desired.
• Hands-on experience with various security tools including log management, web proxies, endpoint protection platforms, etc is preferred.
• Completion of relevant certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Examiner (GCFE), EnCase Certified Examiner (EnCE), CCFP ISC(2) or similar.
• Minimum of five years of experience with using forensic software applications (e.g. EnCase, FTK, Autopsy, Magnet Axiom, Cellebrite, Wireshark, OpenVAS, Snort, Magnet IEF/Axiom) and techniques to capture electronic data from computers, external media, networks and mobile data devices.
• Experience in an advisory or external consulting capacity or as a corporate incident response handler will be a plus
• Experience in overseeing projects from inception to completion within strict timeframes and budgets.
• Hands-on computer forensic experience such as Windows, Unix and or/Linux disk and memory forensics, Host and Network-based security monitoring, traffic and log analysis and static and dynamic malware analysis in support of incident response investigations and possible litigation with an understanding of evidence handling procedures.
• Interest or expertise in Machine Learning/AI as it pertains to cybersecurity.
• Familiarity with cloud solutions (AWS, Azure, etc.) and their security implications