SIEM Content Engineer

About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.

KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

SIEM Content Engineer

Location: Mumbai/ Gurgaon

Experience Required: 3 to 8 years

Required Qualifications

• Bachelors/master's degree in engineering.
• Experience in cybersecurity, with a focus operational security, including security operations center, incident response, SIEM platforms.
• Experience in Microsoft Sentinel analytical rule and Defender custom detection,
• Content development of new detection rules,
• Finetuning rules for whitelisting and
• Detection logic improvement.

Roles and Responsibilities include:

• Develop and implement custom analytics rules within Microsoft Sentinel to identify security threats and anomalies.
• Leverage KQL and other tools to create custom detection on Microsoft Defender XDR MDE & MDCA.
• Create advanced detection rules based on business requirements & SOC Use Cases.
• Work with SIEM and SOAR solutions at scale.
• Collaborate with other security teams to identify and prioritize security requirements and develop effective solutions.
• Update the code (KQL) on analytical rule for finetuning the false positive incidents.
• Stay up to date with the latest security threats and trends and apply this knowledge to improve our security posture.
• Perform content enrichment depedepending on feedback received from security analysts
• Have a strong understanding of Cloud Security and Networking Concepts and practices.
• Helps to create reports that properly present the key risk and performance indicators.
• Communicating & reporting concise summaries of complex scenarios & information across diverse and senior stakeholder groups.
• Design, maintain Content Management standard operating procedures (SOP), processes and guidelines.
• Report preparation for leads and management review with data from dashboards & reports.

Skills and Experience required:

• Strong understanding of JSON, Kusto Query Language (KQL) and PowerShell languages.
• Experience analyzing data from cybersecurity monitoring tools such as SIEM / SOAR platforms, host and network logs, firewall and IPS/IDS logs and email security gateway.
• Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis and security metrics.
• Knowledge of the common attack vectors on various layers.
• Knowledge and experience working with the Cyber Kill Chain Model, MITER ATT&CK Matrix.
• Experience with Security Operations Center, SIEM management & solutions ownership.
• Knowledge of various security methodologies and technical security solutions.
• Conduct an audit of the platform configuration to optimize it.
• Optimizing the way logs are processed and leveraged by SOC team members.
• Knowledge on schemas of Microsoft Defender XDR solutions (Microsoft Entra ID and ID protection, Microsoft Defender for Endpoint, Microsoft Defender for Cloud apps, Microsoft Purview Information Protection) and Microsoft 365.
• Knowledge of schemas with security events logs from Microsoft windows server.
• Experience of working within a regulatory/controlled environment.
• Understanding of Cyber Security Risk and mitigation strategies.

Equal employment opportunity information

KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.