Security Engineer

Sofia, Bulgaria (Hybrid)

KPMG IT Service OOD is an IT service provider with a mission to digitalize the core business of the KPMG network member firms and their clients. We employ more than 500 people in Sofia and deliver the full spectrum of IT services to our clients, including SAP solutions, Software Engineering, Application & Platform Operations, Cloud and Infrastructure.

Our Cloud Services unit is focused on designing, building, securing and managing cloud native & hybrid platforms for the KPMG group of member firms, as well as providing cloud advisory and engineering services to external clients.

Your Responsibilities:

  • Act as an escalation point for other security analysts in the SOC, including 3rd party MSSP
  • Co-ordinate SOC team response and work with Threat Detection manager to improve triage processes
  • Deputise Threat Detection Manager with full delegated responsibilities, when required
  • Proactively monitor the network security sensors ensuring timely detection, investigation and remediation of potential threats in line with the incident management lifecycle
  • Use the advanced security analytics toolsets to monitor for emerging threat patterns and vulnerabilities, attempted or successful breaches
  • Work closely with other KPMG teams to ensure that all technologies are actively monitored, including troubleshooting where necessary
  • Interact with the Global Security Operations Centre (GSOC) & MSSP, including Incident response and intelligence sharing, escalating to management where required
  • Triage and manage incidents, events and queries from the business to the relevant resolver group
  • Contribute to the Continual Service Improvement of the teams' operations through proactive analysis, engagement and collaboration
  • Detect, respond and coordinate response for security events while capturing essential details and artefacts
  • Operationalise actionable intelligence reports from Threat Intelligence team and external sources
  • Maintain event response documentation, participate in post-mortems, and write event reports
  • Contribute to projects that enhance the security posture of KPMG
  • Identify trends, potential new technologies, and emerging threats, which may impact KPMG
  • Review and prioritise alerts based on Standard Operating Procedures
  • Review and triage suspected security events reported by staff members or Security Monitoring platforms
  • Accurately document work in Incident case management system as per defined standards
  • Leverage multiple data sources to analyse detection alerts and staff reported cyber-attacks to identify which events require response activities based on Standard Operating Procedures
  • Declare an incident and escalate it to Incident Response team, ensuring findings have been accurately captured in the Incident case management system as per defined standards
  • Ensure that cases are accurately categorised to ensure the appropriate feedback is provided to the Detection and Response Engineering team and to facilitate reporting
  • Identify and record gaps in visibility and security posture through the course of investigations as per defined Standard Operating Procedures
  • Identify potential new detection logic and escalate to the Detection and Response Engineering team
  • Hunt for threat indicators from log data and other available endpoint/network artefacts
What you bring in:

  • Hands on SIEM and EDR tooling knowledge and experience including technologies such as Microsoft Sentinel, Microsoft Defender Suite etc.
  • Experience in end-to-end information security incident management and in mitigating and addressing threat vectors including Advanced Persistent Threats (APTs), Distributed Denial of Service (DDoS), phishing, malicious payloads, malware, etc.
  • Experience with Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Web Application Firewalls, firewall logs, system logs, web logs, application logs and Security Information and Event Management (SIEM) systems
  • Experience with technologies, tools, and process controls to minimise risk and data exposure.
  • Experience in search query languages such as KQL, OSquery or SPL
  • Solid experience of working in Cloud environments such as AWS, Azure, & GCP
  • Experience with building threat-based Use Cases using frameworks such as MITRE ATT&CK
  • Solid understanding of ISO 27001, Cyber Essentials/Essentials Plus, GDPR and other information security-related regulatory and compliance standards
  • Understanding of security threats, attack scenarios, intrusion detection and incident management
  • Ability to function effectively in a matrix structure
  • Ability to deal with ambiguity and to keep a cool head when dealing with crisis or stressful situations
  • Strong analytical skills
  • Apply analytical rigor and demonstrate business acumen to understand complex business scenarios
  • Already holds, or can be SC cleared
  • Fluency in English

What we offer:

  • The chance to work in a top talent team
  • Attractive remuneration
  • Build knowledge in cutting-edge technologies
  • Opportunity for continuous training, learning and certification
  • Experience in an international and multicultural organization
  • Work on challenging projects with clients in various industries around the globe
  • Modern office environment
  • Additional health insurance
  • Life insurance
  • 50+ benefits and services to choose from
  • Hybrid working policy