The Security Operations Center (SOC) Analyst is primarily responsible for monitoring and responding to alerts generated by the SIEM. The role requires experience in a SOC environment, incident response process and the ability to analyze threats, risks, and impact. The SOC Analyst will be a member of the Digital Security Group and work under the supervision of the SOC Manager, Digital Security. This is a shift position, on rotation to provide 24x7x365 coverage.
Responsibilities The Security Operations Center (SOC) Analyst will be responsible for monitoring, analyzing, triaging, and remediating alerts generated by the monitoring tools. Escalating alerts to the SOC Manager, IR and remediation teams as deemed necessary from the analysis. The activity of monitoring includes daily review of the product consoles, analyzing the events, and determining which events are actionable. Responsibilities include but not limited to:
· Conduct real-time, continuous 'eyes-on-glass' monitoring of security events, responses, and reporting.
· Acknowledge tickets in ITSM according to defined service level agreements.
· Perform security event triage and validate potential threats following standard processes and procedures.
· Analyze, contextualize, and monitor security alerts from various advanced security platforms.
· Utilize internal and external data sources to research and enrich event information, determining if an event warrants classification as an "incident."
· Validate IOCs, investigate intrusion attempts, and conduct in-depth analysis and correlation of host-based logs, network traffic, and other data sources.
· Conduct continuous monitoring of event logs, evaluating, analyzing, and correlating triggers based on established Threat Use Cases.
· Diagnose events using identification playbooks to discern false positives or duplicates.
· Execute daily tasks including ticket review, investigate security events effectively, communicate findings, and escalate concerns to senior staff and/or SOC Manager as needed, per the established playbooks and SOPs (Standard Operating Procedures).
· Identify and prioritize incidents based on organizational impact or threat severity.
Position is part of a 24x7x365 shift rotation which will require after-hours and weekend work, may also require on-call as needed to support KPMG business needs.
What you bring to the role
· 3-year college degree or higher
· 2+ years of experience in a SOC environment in the areas of: incident detection and response, remediation,
malware analysis, or Incident Response / forensics
· Hands-on experience with Microsoft Sentinel or other SIEM and EDR/XDR technologies, creating and running
queries, and performing analytics, examination of logs and console events.
· Exposure to Microsoft Defender Endpoint, CSPM/CWP, or similar technologies
· Experience in Web Application Firewalls and API security
· Knowledge or experience in cloud security (Azure)
· Good understanding of SANS and MITRE ATT&CK Frameworks.
· Any industry relevant(s) certifications such as CISSP, CISM, SANS, CISA, CompTIA Security+ or CompTIA
CySA+, GIAC is an asset.
· Strong understanding of business processes and ability to manage change/adhere to change management
processes.
· Great communication skills
Nice to Have:
· Knowledge or experience in cloud security (GCP or AWS)
· Experience in malware analysis and reverse engineering
The Security Operations Center (SOC) Analyst is primarily responsible for monitoring and responding to alerts generated by the SIEM. The role requires experience in a SOC environment, incident response process and the ability to analyze threats, risks, and impact. The SOC Analyst will be a member of the Digital Security Group and work under the supervision of the SOC Manager, Digital Security. This is a shift position, on rotation to provide 24x7x365 coverage.
Responsibilities The Security Operations Center (SOC) Analyst will be responsible for monitoring, analyzing, triaging, and remediating alerts generated by the monitoring tools. Escalating alerts to the SOC Manager, IR and remediation teams as deemed necessary from the analysis. The activity of monitoring includes daily review of the product consoles, analyzing the events, and determining which events are actionable. Responsibilities include but not limited to:
· Conduct real-time, continuous 'eyes-on-glass' monitoring of security events, responses, and reporting.
· Acknowledge tickets in ITSM according to defined service level agreements.
· Perform security event triage and validate potential threats following standard processes and procedures.
· Analyze, contextualize, and monitor security alerts from various advanced security platforms.
· Utilize internal and external data sources to research and enrich event information, determining if an event warrants classification as an "incident."
· Validate IOCs, investigate intrusion attempts, and conduct in-depth analysis and correlation of host-based logs, network traffic, and other data sources.
· Conduct continuous monitoring of event logs, evaluating, analyzing, and correlating triggers based on established Threat Use Cases.
· Diagnose events using identification playbooks to discern false positives or duplicates.
· Execute daily tasks including ticket review, investigate security events effectively, communicate findings, and escalate concerns to senior staff and/or SOC Manager as needed, per the established playbooks and SOPs (Standard Operating Procedures).
· Identify and prioritize incidents based on organizational impact or threat severity.
Position is part of a 24x7x365 shift rotation which will require after-hours and weekend work, may also require on-call as needed to support KPMG business needs.
What you bring to the role
· 3-year college degree or higher
· 2+ years of experience in a SOC environment in the areas of: incident detection and response, remediation,
malware analysis, or Incident Response / forensics
· Hands-on experience with Microsoft Sentinel or other SIEM and EDR/XDR technologies, creating and running
queries, and performing analytics, examination of logs and console events.
· Exposure to Microsoft Defender Endpoint, CSPM/CWP, or similar technologies
· Experience in Web Application Firewalls and API security
· Knowledge or experience in cloud security (Azure)
· Good understanding of SANS and MITRE ATT&CK Frameworks.
· Any industry relevant(s) certifications such as CISSP, CISM, SANS, CISA, CompTIA Security+ or CompTIA
CySA+, GIAC is an asset.
· Strong understanding of business processes and ability to manage change/adhere to change management
processes.
· Great communication skills
Nice to Have:
· Knowledge or experience in cloud security (GCP or AWS)
· Experience in malware analysis and reverse engineering
The Security Operations Center (SOC) Analyst is primarily responsible for monitoring and responding to alerts generated by the SIEM. The role requires experience in a SOC environment, incident response process and the ability to analyze threats, risks, and impact. The SOC Analyst will be a member of the Digital Security Group and work under the supervision of the SOC Manager, Digital Security. This is a shift position, on rotation to provide 24x7x365 coverage.
Responsibilities The Security Operations Center (SOC) Analyst will be responsible for monitoring, analyzing, triaging, and remediating alerts generated by the monitoring tools. Escalating alerts to the SOC Manager, IR and remediation teams as deemed necessary from the analysis. The activity of monitoring includes daily review of the product consoles, analyzing the events, and determining which events are actionable. Responsibilities include but not limited to:
· Conduct real-time, continuous 'eyes-on-glass' monitoring of security events, responses, and reporting.
· Acknowledge tickets in ITSM according to defined service level agreements.
· Perform security event triage and validate potential threats following standard processes and procedures.
· Analyze, contextualize, and monitor security alerts from various advanced security platforms.
· Utilize internal and external data sources to research and enrich event information, determining if an event warrants classification as an "incident."
· Validate IOCs, investigate intrusion attempts, and conduct in-depth analysis and correlation of host-based logs, network traffic, and other data sources.
· Conduct continuous monitoring of event logs, evaluating, analyzing, and correlating triggers based on established Threat Use Cases.
· Diagnose events using identification playbooks to discern false positives or duplicates.
· Execute daily tasks including ticket review, investigate security events effectively, communicate findings, and escalate concerns to senior staff and/or SOC Manager as needed, per the established playbooks and SOPs (Standard Operating Procedures).
· Identify and prioritize incidents based on organizational impact or threat severity.
Position is part of a 24x7x365 shift rotation which will require after-hours and weekend work, may also require on-call as needed to support KPMG business needs.
What you bring to the role
· 3-year college degree or higher
· 2+ years of experience in a SOC environment in the areas of: incident detection and response, remediation,
malware analysis, or Incident Response / forensics
· Hands-on experience with Microsoft Sentinel or other SIEM and EDR/XDR technologies, creating and running
queries, and performing analytics, examination of logs and console events.
· Exposure to Microsoft Defender Endpoint, CSPM/CWP, or similar technologies
· Experience in Web Application Firewalls and API security
· Knowledge or experience in cloud security (Azure)
· Good understanding of SANS and MITRE ATT&CK Frameworks.
· Any industry relevant(s) certifications such as CISSP, CISM, SANS, CISA, CompTIA Security+ or CompTIA
CySA+, GIAC is an asset.
· Strong understanding of business processes and ability to manage change/adhere to change management
processes.
· Great communication skills
Nice to Have:
· Knowledge or experience in cloud security (GCP or AWS)
· Experience in malware analysis and reverse engineering
KPMG – це міжнародна мережа фірм, що надають аудиторські, податкові та консультаційні послуги. В офісах KPMG у 143 країнах світу працюють понад 273,000 співробітників (FY23). Кожна фірма KPMG є незалежною юридичною особою і представляє себе як таку.
KPMG працює в Україні з 1992 року. KPMG в Україні надає аудиторські, податкові, бухгалтерські та консультаційні послуги для місцевих і міжнародних компаній. Нашою метою завжди було використання глобального інтелектуального потенціалу фірми в поєднанні з практичним досвідом наших українських професіоналів, щоб допомогти провідним компаніям досягти своїх цілей.
Офіси компанії знаходяться у Києві та Львові.
______________
KPMG is a global network of professional services firms providing audit, tax and advisory services. We operate in 143 countries and territories, and in FY23, collectively employed more than 273,000 people working in member firms around the world.
KPMG in Ukraine provides audit, tax, accounting and advisory services to local and international businesses. KPMG has been working in Ukraine since 1992, and our goal has always been to use the firm's global intellectual potential, combined with the practical experience of our Ukrainian professionals, to help leading companies to achieve their goals.
In Ukraine KPMG has its offices in Kyiv and Lviv.
