Cyber Threat Intelligence (Diversity)- Manager - BLR

Our Client in India is one of the leading providers of risk, financial services and business advisory, internal audit, corporate governance, and tax and regulatory services.

Our Client was established in India in September 1993, and has rapidly built a significant competitive presence in the country. The firm operates from its offices in Mumbai, Pune, Delhi, Kolkata, Chennai, Bangalore, Hyderabad , Kochi, Chandigarh and Ahmedabad, and offers its clients a full range of services, including financial and business advisory, tax and regulatory.

Our client has their client base of over 2700 companies. Their global approach to service delivery helps provide value-added services to clients. The firm serves leading information technology companies and has a strong presence in the financial services sector in India while serving a number of market leaders in other industry segments.

Principal Responsibilities :

One of the primary responsibilities are IOC sweeps / blocks / investigations of hits. Assist with automating this task. End goal is for IR to receive high fidelity true positive hits and for the person in this role to assess trends of IOC hits and feed intel to the threat hunt workstream to prioritize hunts on those threat actors. While working towards IOC sweep automation, escalates to hunters when hits determined to be true positive and remediation actions are required or if advanced analysis is required.

Daily CISO report (CTI Input) This report is sent out daily to our CISO and other Sr. Leadership / workstreams regarding daily CTI news and its relevance to KPMG. The person in this role will be responsible for this daily.

Assist U.S. CTI workstream SME with alerts / investigations from CTI tools. Prefer experience with CTI tools such as ZeroFox (Brand abuse / leaked credentials investigations), Flashpoint (Deep dark web investigations), Domain Tools (domain / web investigations) and experience with a Threat Intelligence Platform (TIP) such as Threat Q.

Assist with the assessment of Top 10 threat actors / malware for the firm to prioritize on assessments / hunts.

Research and develop risk mitigating approaches and drive response and remediation

Document processes and procedures in the form of playbooks and reference guides.

Stay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace.

Lead internal skills development activities for information security personnel on the topic of cyber threat intelligence, by providing mentoring and by conducting knowledge sharing sessions

Provide input to business cases and presentations to senior IT leadership of proposed security products and studies. Produce operating metrics and key performance indicators.

Knowledge of all phases of incident response life cycle : analysis, containment, eradication, remediation, recovery

Evaluate external threat intelligence sources related to zero-day attacks, exploit kits and malware to determine organizational risk.

Qualifications :

Knowledge / experience in automating tasks (creating logic apps, powershell / python scripts to automate workflows / tasks). This is highly desirable skillset.

Experience in security monitoring, security operations, and incident response activities preferably within a professional services firm or similar environment

Strong knowledge of incident response and crisis management Ability to identify both tactical and strategic solutions

Knowledge / background with snort rules (reading and / or writing them).

Knowledge of Microsoft KQL (writing queries / creating workbooks are highly desirable).

Experience with IT process definition and / or improvement

Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors

Strong verbal / written communication, with ability to effectively interact with individuals at all levels of responsibility and authority. Must be able to prioritize, delegate to support an environment driven by customer service and teamwork. Strong trouble-shooting and organizational skills and ability to work on multiple projects simultaneously. Ability to participate in resource planning processes based on defined organizational plans.

Experience defining security monitoring rules, monitoring events, assessing risk, responding to incidents and providing security oversight related to the security features of IT tools supported by the IT operations teams

Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors

Strong verbal / written communication, with ability to effectively interact with individuals at all levels of responsibility and authority. Must be able to prioritize, delegate and foster the development of high-performance teams to lead / support an environment driven by customer service and team work. Strong trouble-shooting and organizational skills and ability to work on multiple projects simultaneously. Ability to participate in resource planning processes based on defined organizational plans.

Experience developing / utilizing SIEM queries for investigating IOCs within the network.

Experience conducting analysis based on Deep Dark Web intelligence.