
Manager/Expert, Cybersecurity Incident Response (Microsoft Sentinel) - Advanced English

Remote: Full Remote

Offer summary

Qualifications:

  • Experience in security monitoring, security operations, and incident response activities, preferably in a professional services environment.
  • Knowledge of the incident response lifecycle and ability to utilize security tools in a large Enterprise IT infrastructure.
  • Strong troubleshooting and organizational skills, with hands-on experience in network and systems administration, particularly with Linux and Windows.
  • CISSP and Microsoft Sentinel experience preferred, along with scripting skills in Python or Shell/BASH.

Key responsibilities:

  • Monitor for external threats and assess risk to the firm's environment, supporting risk mitigation and response activities.
  • Perform all phases of the incident response lifecycle, including analysis, containment, eradication, and recovery.
  • Document and manage incident response processes, and conduct forensic analysis as needed.
  • Develop and tune security monitoring use cases and support content for security tools, including SIEM platforms.

KPMG Technology Services Americas - KTSA http://www.ktsa.com.mx
501 - 1000 Employees

Job description

ABOUT KTSA

We are KTSA – KPMG Technology Services Americas! A service delivery center with offices in Mexico City, Guadalajara, Monterrey, and a pool of remote talents across Mexico. We provide Technology, Consulting & Corporate Support Services to KPMG US and some of its clients, and we are the best at doing so!

Explore KTSA, We dare to be different.

Experience a culture where you can interact with multi-cultural teams and people from different backgrounds.

Expand your possibilities and gain stability, at KTSA we celebrate successes and reward our people for the hard work they do every day.

Excel and make an impact: it’s a place where you can create your own footprint and leave a legacy.

We invest in people, with internal programs, training and initiatives to develop their skills and help them reach their goals.

Express and celebrate your individuality. It's about coming exactly as you are. We empower everyone to live their truth, be themselves, pursue individual interests.


RESPONSIBILITIES:

  • Monitor for external threats, assessing risk to the firm’s environment and supporting risk mitigation and response activities.
  • Perform some or all phases of incident response life cycle: analysis, containment, eradication, remediation, recovery.
  • Document, test and manage incident response processes.
  • Support personnel investigations.
  • Conduct forensics (e.g. host based disk and memory, as well as network) and analysis.
  • Incorporate external threat intelligence sources related to zero day attacks, exploit kits and malware into detection tools.
  • Define security monitoring use cases and develop and tune supporting content for security tools (e.g. dashboards, alerts, reports, rules), including but not limited to configuring and monitoring the security information and event management (SIEM) platform and endpoint detection tools for security alerts.
  • Perform data analysis in support of security event management processes, including root cause analysis.

Team Shared Responsibilities:

  • Monitor for threats and vulnerabilities through a combination of automated and manual processes and respond accordingly. As a continuous feedback loop, incorporate learnings into additional preventive and detective controls.
  • Research and develop risk mitigating approaches and drive response and remediation.
  • Implement automation and orchestration to improve efficiency and effectiveness of security monitoring and response processes.
  • Document processes and procedures in the form of playbooks and reference guides.
  • Stay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace, as well as evolving threats.
  • Participate in internal skills development activities for information security personnel on the topic of security monitoring and incident response; provide mentoring to junior team members.
  • Produce operating metrics and key performance indicators.


QUALIFICATIONS:

Technical expertise:

  • Experience in security monitoring, security operations, and incident response activities; preferably within a professional services firm or similar environment
  • Experience defining security monitoring rules, monitoring events, assessing risk, responding to incidents and providing security oversight related to the security features of IT tools supported by the IT operations teams
  • Knowledge of incident response lifecycle
  • Experience with IT process definition and / or improvement
  • Ability to utilize security tools in a large Enterprise IT infrastructure such as proxies, mail servers, Active Directory, workstations and mobile devices, etc.
  • Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors
  • Strong troubleshooting and organizational skills and ability to work on multiple activities simultaneously.
  • Hands-on network and systems administration skills with Linux and Windows, including Active Directory competence
  • CISSP preferred
  • Microsoft Sentinel experience preferred
  • Understanding of network and system intrusion and detection methods and mitigation techniques.
  • Experience with malware analysis or endpoint lateral movement detection methodologies or host forensic tools.
  • Understanding of some of the following: network protocol analysis, public key infrastructure, SSL, Microsoft Windows and Active Directory, Linux.
  • Scripting skills (Python, Shell/BASH) and use of open source Linux security tools.
  • Experience with a threat monitoring program and related operational activities.
  • Experience developing SIEM content/use cases with specific experience writing content rules
  • Experience with Microsoft Defender XDR and Sentinel.
  • SANS DFIR/Incident handling certifications preferred: GCIH, GCFA, CHFI


If you are interested in participating, please apply directly at this link: https://www.ktsa.com.mx/


Expand your possibilities with KTSA, through KTSAMÁS, our total rewards program where you can have:

  • Extended maternity, paternity and adoption leaves.
  • Above the market vacation benefits.
  • Hybrid work set-up
  • We offer learning opportunities, training and certification programs so that you can continue advancing in your professional career.
  • Extended marriage licenses and day care benefits.
  • Wellness programs and Employee Assistance Programs (EAP).
  • Comprehensive medical plan, life insurance, car insurance and funeral assistance.


Visit KTSA.COM.MX to learn more.

At KTSA we celebrate and support everyone’s individuality. We do not discriminate against any race, religion, color, national origin, gender, sexual orientation, gender identity and expression, age, marital status or disability.


Explore KTSA, We dare to be different.


#KTSACareers #LifeatKTSA #SoyKTSA #ExploreKTSA
