KPMG
,
London, Greater London
Incident Response Associate
Overview
KPMG (UK) Incident Response & Investigations Team are undergoing transformation to maximise their effectiveness and success in the management of both technical and non- technical Security Incidents affecting the Firm. KPMG offer an inclusive and flexible working environment. We are looking for an Incident Response Associate to augment the team and help the Investigations Manager define the structure and functions of the team. Role & Responsibilities Working as part of KPMG's Incident Response & Investigations team to design, communicate and execute incident response, containment and remediation plans. Managing a broad range of Cyber Security and Information Security incidents, gathering evidence including the collecting and analysing of logs and digital forensics. Establishing whether the unauthorised access to or data exfiltration has occurred and identifying and reporting on remediation activities. When not responding to incidents, you will be helping to develop our own delivery capability, including operational efficiency, standard operating procedures, team learning and development, tooling and platforms, lab development and orchestration. This role will include providing on-call Incident Response cover on a rota basis with other members of the Incident Response & Investigations Team. Skills & Experience Extensive proven experience in Cyber Security Incident Response for large scale organisations Strong IT and network skills - knowledge of common enterprise technologies - Windows and Windows Active Directory, Linux, Cisco, etc. Advanced experience in industry forensic tools such as X-Ways, EnCase, FTK, Internet Evidence Finder (IEF) / AXIOM, TZWorks, and/or Cellebrite Strong experience in preservation of digital evidence (including experience preserving cloud data and handling encryption such as BitLocker, FileVault, and/or LUKS) Experience defining incident response team structures, incident response plans and playbooks. Experience with and understanding of enterprise Windows security controls Qualifications General information security certificates such CISSP, CISM or CISA (Preferred) Incident Response specialist certifications such as CREST and GIAC (Preferred) Excellent communication skills (both written and oral) and project management skills. Ability to prioritize and manage a complex workload, including multiple tasks for themselves Excellent attention to detail, as well as the ability to see the bigger pictur