Consultant - DFIR - Cyber Threat Management
The Consulting business at KPMG Global Services (KGS) is a diverse team of more than 6400 professionals. We work with KPMG Firms worldwide to transform the businesses of clients across industries through the latest technology and innovation. Our technology professionals combine deep industry knowledge with strong technical experience to navigate through complex challenges and deliver real value for our clients.
Through your work, you’ll build a global network and unlock opportunities that you may not have thought possible with access to great support, vast resources, and an inclusive, supportive environment to help you reach your full potential.
Roles & responsibilities
•Core Delivery
•Execute digital forensics and incident response (DFIR) engagements across endpoints, logs, and cloud environments
•Perform security incident triage, investigation, containment, eradication, and recovery activities
•Conduct threat hunting using SIEM, EDR, and network telemetry tools (e.g., Microsoft Sentinel, Defender, Palo Alto, Vectra)
•Analyze Business Email Compromise (BEC) and Microsoft 365 audit logs to identify attack vectors and impact
•Perform endpoint forensic analysis (Windows-based) and artifact review to support investigations
•Analysis & Reporting
•Perform log analysis, Google Takeout analysis, and data repository investigations
•Develop incident investigation reports, executive summaries, and technical findings
•Document attack timelines, root cause analysis, and remediation recommendations
•Support audit and compliance evidence preparation (CMA, SOPs, playbooks)
•Operations & Engineering Support
•Assist in SOC operations, detection tuning, and use case development
•Support automation and improvement of IR processes and playbooks
•Contribute to security tooling usage (SIEM, EDR, forensic tools) and optimization
•Client & Stakeholder Engagement
•Participate in client discussions, incident briefings, and presentations
•Collaborate with global teams on incident response and threat intelligence sharing
•Provide actionable insights to improve client security posture
•Extended Responsibilities
•Conduct tabletop exercises and adversary simulation scenarios to identify detection gaps
•Support code repository and sensitive data exposure analysis
•Contribute to knowledge management, documentation frameworks, and IR tracking improvements
•Participate in proposal development / capability building
Educational qualifications
•Bachelor’s degree in Computer Science / Cyber Security / IT or related field
•Relevant certifications (preferred): SC-200, AZ-104, AZ-900, ISC2 CC, DFIR-focused certifications
Work experience
•3-5 years of experience in:
•Incident Response / SOC / Threat Hunting / Digital Forensics / Device Security
•Experience in global client engagements (US/UK/Europe)
Mandatory technical & functional skills
•Incident Response lifecycle (Detect → Respond → Recover)
•Digital Forensics (especially Windows endpoint artifacts)
•Threat Hunting methodologies and hypothesis-driven analysis
•Hands-on experience in:
•SIEM tools (Microsoft Sentinel, Kibana)
•EDR tools (Microsoft Defender, SentinelOne; exposure to CrowdStrike)
•Knowledge of:
•SOC operations, alert triage, and monitoring
•Email security incidents (BEC, phishing investigations)
•Strong:
•Analytical and problem-solving skills
•Technical report writing and documentation skills
•Communication and stakeholder engagement skills
Preferred technical & functional skills
•Exposure to:
•Threat Intelligence integration and enrichment
•Cloud security monitoring (Azure / Microsoft 365)
•Identity-related attack scenarios (IAM abuse, privilege escalation)
•Familiarity with:
•IAM tools (SailPoint, Ping, CyberArk)
•Network/security tools (Palo Alto, Vectra)
•Experience in:
•Automation, scripting, or notebook-based investigations (Jupyter)
Experience Level
Mid Level