KPMG Canada

SOC Analyst Level 2 - Cyber Security

Toronto, Ontario, Canada
Posted 2 months ago
Full-time, remote

Job Description

Overview

At KPMG in Canada, our people bring their unique perspectives to Canada’s most important challenges.

Here, you can build momentum that reaches beyond our business, develop skills for the future, and take ownership of your career with support at every stage.

Join a firm where your career can make a difference.

 

Are you a talented leader with a proven track record for motivating teams and delivering exceptional client service?

 

Our Cyber Managed Services team in Toronto is looking for a professional like you with the skills and drive to make a real difference. 


What you will do

  • Receive escalations from L1 SOC analysts to determine increased risk to the business
  • Review log data against security technology rules and filters to propose further improvements to threat detection  
  • Coordinate with SIEM Engineers to tune events, improve event correlation, performance, and alerts 
  • Develop, create and maintain incident response playbooks. This includes identifying areas of potential improvement by reviewing redundant tasks and security incidents, and providing task automation suggestions

  • Perform log analysis from multiple data sources to analyze technical data, extracting Tactics, Techniques, and Procedures (TTPs) and malware attributes
  • Provide support in the analysis of critical events and security tickets to evaluate the effectiveness and efficiency of the incident management process and develop any necessary improvement plans. 
  • Maintain up-to-date understanding of security threats, countermeasures, security tools and Cloud Security and SaaS technologies. 
  • Experience tracking incidents against a framework such as SANS and MITRE ATT&CK. 
  • Provide technical and thought leadership within SOC by teaching other SOC Analysts about both traditional and unconventional ways to detect, analyze, and mitigate security incidents. 
  • Act as Subject Matter Expert (SME) trainer for analyst functions, providing support on more involved cases and guiding the activity of other T1/T2 analysts through collaboration. 
  • Act as the lead coordinator for the Incident Response function and as designated lead on customer on-boarding projects to ensure a successful transition to SOC for security monitoring services. 

What you bring to the role

  • Highly technical with at least 3 to 5 years of relevant experience as an analyst in Cyber, IT Security or a SOC 
  • Any industry-relevant certification, such as CISSP, CISM, SANS, CISA, CompTIA Security+ or CompTIA CySA+, GIAC, is required.
  • Hands-on experience with Microsoft Sentinel or other SIEM and SOAR technologies, creating and running queries, and performing analytical examination of logs and console events.
  • Hands-on experience with Microsoft Defender Endpoint, CSPM/CWP or any similar vendor technologies, and the ability to understand vulnerabilities with insights from industry-leading security research and provide recommendations to external clients
  • Experience with Malware Analysis and reverse engineering through static or dynamic analysis. 
  • Experience and demonstrated success in business development activities, including research and analysis, process development/improvement, proposal writing, etc.
  • Experie
