You're using an older version of Internet Explorer that is no longer supported. Please update your browser.

Consultant/ Senior Consultant, Cyber Defence - Incident Response

Vancouver, BC
Full Time
4 days ago

You've got big plans. We have opportunities to match, and we're committed to empowering you to become a better cyber security professional, no matter what you do.

When you join KPMG you'll be one of over 219,000 professionals providing audit, tax, advisory and business enablement services across 147 countries.

With the support to do things differently, grow personally and professionally and bring your whole self to work, there's no limit to the impact you can make. Let's do this.

The opportunity

Our Vancouver and Victoria team are looking for a highly motivated Cyber Security professional at a Consultant or Senior Consultant level to join our team! As a member of KPMG Canada's cross-functional Cyber team, you will be dedicated to the defense and protection of our client critical data, systems, and assets th rough cyber defense and incident response services.

A career within our Cyber Security practice will provide you with the opportunity to help our clients implement robust cybersecurity programs that protects against threats, propels digital and business transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organizations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.

KPMG's Cyber team has received tremendous investment and has been identified as a transformational part of the firm to deliver growth over the next five years. This is an excellent opportunity for those that are looking to stay ahead of the curve and work in a firm with unparalleled career progression opportunities.

Find out more about KPMG Cyber Response & Cyber Defence .

At KPMG we continue to be a virtual first work environment; however, this role is required to be located in Vancouver or Victoria, BC. The team looks forward to representing KPMG and growing our practice locally through industry events and client meetings when safe to do so.

What you will do

As a Consultant/ Senior Consultant, you'll work as part of a team of problem solvers with extensive consulting and industry experience, supporting our technical engagement team and leveraging your expertise on Incident Response projects and tasks. Specific responsibilities include but are not limited to:
  • Engage with a variety of clients on incident response engagements ranging and tasks from operating system security, cloud and network security, cryptography, software security, malware analysis, digital forensics for incident response activities, security operations, and emergent security intelligence;
  • Perform incident response and cyber investigations. These engagements will require urgent organization, configuring needed toolsets, and communication with the client;
  • Leverage forensic tools to on incident response collect, process and analyze computer based evidence (host and network based). Use end-point detection and response (EDR) tools to investigate, monitor and triage potentially compromised end-points;
  • Perform digital forensic evidence collection throughout the incident response phases, extensive log analysis and meta-data analysis;
  • Perform operating system and hard drive digital forensic evidence analysis;
  • Analyze results from tools and determine: indicators of compromise (IOCs), root cause of compromise, possible attack vectors, potential threat actors and the overall risk/threat the client is facing;
  • Provide recommendations and advise on steps to mitigate the current attack, present risks and remediate the potentially vulnerable environment and remove the ability of ongoing/future attacks;
  • Analyze results of assessment and create technical accurate and articulate reports in a business professional language, to be shared with technical stakeholder, executive stakeholders and potentially third parties;
  • Leverage out-of-the-box thinking to tackle and overcome complex client challenges;
  • Remain current on the threat landscape, including common and recent threats. Keep your team and clients informed on relevant threat and attack vectors on an on-going basis;
  • Contribute to the KPMG Incident Response team's practice development by actively supporting a Cyber/Forensics lab, writing whitepapers, conducting and sharing research, actively assisting with business development opportunities.

At times, urgent business needs arise, in response to emerging incidents, and team members are required to work beyond their normal work day or work week to fulfill the accountabilities required for their job. Likewise, people need time to devote to personal matters, and our approach to flexibility provides for this.

What you bring to the role

We will look to you to bring a blend of knowledge, training, and experience, including:

  • Undergraduate degree in Computer Science, Information Technology, or related field;
  • Completion of at least one relevant certification such as GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Examiner (GCFE), EnCase Certified Examiner (EnCE), CCFP ISC(2) or similar;
  • 2+ years of experience with incident response, preferably in a consulting environment. Internal CSIRT experience will also be considered;
  • 2+ years of experience with forensic data collection with technical network, hard drive, and operating systems. Candidates should also have experience with collecting data from cloud platforms for investigations that involve SaaS and PaaS;
  • Experience working on consulting incident response engagements with clients, including post-incident reviews;
  • Cyber investigation and threat hunting experience;
  • Ability to identify and create IOCs (Indicators of Compromise) from performing forensic analysis activities, articulate IOC in technical formats, and present them to stakeholders;
  • Hands-on experience and working knowledge of at least one common industry leading or open-source forensic software application (e.g. EnCase, FTK, Autopsy, Magnet Axiom, Cellebrite, Magnet IEF/Axiom) and techniques to capture and process electronic data from computers, virtual machines, external media, networks and mobile data devices;
  • Hands on experience with the installation and configuration of End-Point Detection and Response tools, such as Carbon Black, Sentinel One, CrowdStrike Falcon or Elastic Stack;
  • Strong knowledge of common attack vectors, initial compromise, lateral movement, privilege escalation and data exfiltration techniques;
  • Knowledge of operating systems, networking, web protocol, and cloud architecture;
  • Ability to perform log, host and network-based traffic monitoring and analysis, across varying devices, platforms and formats;
  • Ability to perform hard drive digital forensics within the incident response phases, across various file and device formats, including Windows and Linux operating systems and mobile device.
  • Ability to fulfill regular on-call responsibilities, as part of a team, for urgent incident response activities.

Desired experience, certifications, and abilities:
  • Master's Degree within a specialization in Cyber Security, Digital Forensics or a related field is advantageous;
  • Completion of any additional Cyber Security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or similar would be advantageous.;
  • Hands-on experience incident response and log analytics tools, such as Elastic, Log Stash and Kibana, Sumo Logic, Splunk, etc. Familiarity with multiple open-source tools for data and log analysis;
  • Reverse engineering experience on various types of malware, including ransomware, malicious droppers, trojans, customized and obfuscated malicious scripts and other types of malicious files will be advantageous;
  • Experience with forensic evidence handling and chain-of-custody procedures and knowledge of potential litigation requirements;
  • Experience with programming languages (C, C#) and scripting languages (e.g. Python and Go) and familiar with Bash and PowerShell;
  • Experience in other technical Cyber Security domains, such as Penetration Testing, Red Teaming, Security Operation Centre (SOC) or Blue Teaming;
  • Able to create solutions and modify your tools, plugins and scripts appropriately to problem at hand;
  • Knowledge of common threat actor TTPs (tools, techniques and procedures and how they relate to the stages of the MITRE ATT&CK® Framework.

What makes you stand out:
  • You are motivated and a self-s tarter that takes initiative and takes the time to understand what is expected of them. You can work independently with varying degrees of supervision and understand the level of communication required to keep your team and clients' informed, while asking for help when you need support;
  • You are comfortable with dealing with and working through ambiguity, to scope and determine path to project outputs;
  • You are a problem solving, solution-oriented person that applies and engineering-first mindset to your engagements and activities;
  • You are a proficient communicator for your level of experience, both verbally and written, with the ability to deliver professional communications, presentations, reports and documentation. You are aware of your areas of improvement and open to mentorship and professional development;
  • You have developed effective time management skills and the ability to prioritize and execute tasks when urgency is required. You are not afraid to put your hand up if you need support;
  • You are team-oriented and thrive in working within a collaborative environment.

Our Values, The KPMG Way

Integrity, we do what is right | Excellence, we never stop learning and improving | Courage, we think and act boldly | Together, we respect each other and draw strength from our differences | For Better, we do what matters

KPMG in Canada is a proud equal opportunities employer and we are committed to creating a respectful, inclusive and barrier-free workplace that allows all of our people to reach their full potential. A diverse workforce is key to our success and we believe in bringing your whole self to work. We welcome all qualified candidates to apply and hope you will choose KPMG in Canada as your employer of choice.

For general recruitment-related inquiries, please contact the HR Delivery Centre at .

If you have a question about accessible employment at KPMG, or to begin a confidential conversation about your individual accessibility or accommodation needs through the recruitment process, we encourage you to contact us at or phone: 416-777-8002 or toll free 1-888-466-4778.
Accounting Banking, Finance and Insurance