Cyber Threat Management Consultant - Digital Forensics and Incident Response

KPMG India Services LLP

Pune

Not disclosed

Work from Office

Full Time

Min. 3 years

Job Details

Job Description

Consultant - DFIR - Cyber Threat Management

The Consulting business at KPMG Global Services (KGS) is a diverse team of more than 6,400 professionals. We work with KPMG firms worldwide to transform the businesses of clients across industries through the latest technology and innovation. Our technology professionals combine deep industry knowledge with strong technical experience to navigate complex challenges and deliver real value for our clients.

Through your work, you’ll build a global network and unlock opportunities that you may not have thought possible with access to great support, vast resources, and an inclusive, supportive environment to help you reach your full potential.

Roles & responsibilities

Core Delivery
• Execute digital forensics and incident response (DFIR) engagements across endpoints, logs, and cloud environments
• Perform security incident triage, investigation, containment, eradication, and recovery activities
• Conduct threat hunting using SIEM, EDR, and network telemetry tools (e.g., Microsoft Sentinel, Defender, Palo Alto, Vectra)
• Analyze Business Email Compromise (BEC) incidents and Microsoft 365 audit logs to identify attack vectors and impact
• Perform endpoint forensic analysis (Windows-based) and artifact review to support investigations

Analysis & Reporting
• Perform log analysis, Google Takeout analysis, and data repository investigations
• Develop incident investigation reports, executive summaries, and technical findings
• Document attack timelines, root cause analysis, and remediation recommendations
• Support audit and compliance evidence preparation (CMA, SOPs, playbooks)

Operations & Engineering Support
• Assist in SOC operations, detection tuning, and use case development
• Support automation and improvement of IR processes and playbooks
• Contribute to security tooling usage (SIEM, EDR, forensic tools) and optimization

Client & Stakeholder Engagement
• Participate in client discussions, incident briefings, and presentations
• Collaborate with global teams on incident response and threat intelligence sharing
• Provide actionable insights to improve client security posture

Extended Responsibilities
• Conduct tabletop exercises and adversary simulation scenarios to identify detection gaps
• Support code repository and sensitive data exposure analysis
• Contribute to knowledge management, documentation frameworks, and IR tracking improvements
• Participate in proposal development / capability building

Educational qualifications

• Bachelor's degree in Computer Science / Cyber Security / IT or a related field
• Relevant certifications (preferred): SC-200, AZ-104, AZ-900, ISC2 CC, DFIR-focused certifications

Work experience

• 3-5 years of experience in Incident Response / SOC / Threat Hunting / Digital Forensics / Device Security
• Experience in global client engagements (US/UK/Europe)

Mandatory technical & functional skills

• Incident Response lifecycle (Detect → Respond → Recover)
• Digital Forensics (especially Windows endpoint artifacts)
• Threat Hunting methodologies and hypothesis-driven analysis
• Hands-on experience in:
  • SIEM tools (Microsoft Sentinel, Kibana)
  • EDR tools (Microsoft Defender, SentinelOne, CrowdStrike - exposure)
• Knowledge of:
  • SOC operations, alert triage, and monitoring
  • Email security incidents (BEC, phishing investigations)
• Strong:
  • Analytical and problem-solving skills
  • Technical report writing and documentation skills
  • Communication and stakeholder engagement skills

Preferred technical & functional skills

• Exposure to:
  • Threat Intelligence integration and enrichment
  • Cloud security monitoring (Azure / Microsoft 365)
  • Identity-related attack scenarios (IAM abuse, privilege escalation)
• Familiarity with:
  • IAM tools (SailPoint, Ping, CyberArk)
  • Network/security tools (Palo Alto, Vectra)
• Experience in:
  • Automation, scripting, or notebook-based investigations (Jupyter)

Experience Level

Mid Level

Work location

Pune, Maharashtra, India

Department

IT & Information Security

Role / Category

Risk Management - Assessment / Advisory

Employment type

Full Time

Shift

Day Shift

Job requirements

Experience

Min. 3 years

About company

Name

KPMG India Services LLP

Job posted by KPMG India Services LLP