Senior Associate, IT Security Vulnerability Monitoring - Remote
3 years ago

**Business Title:** Senior Associate, IT Security Vulnerability Monitoring - Remote


**Requisition Number:** 86273 - 56


**Function:** Business Support Services


**Area of Interest:**


**State:** NJ


**City:** Montvale


**Description:**

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you're as passionate about your future as we are, join our team.


KPMG is currently seeking a Sr. Associate, IT Security Monitoring & Response to join our Digital Nexus organization. This is a remote work opportunity.


Responsibilities:


+ Monitor for threats and vulnerabilities through a combination of automated and manual processes and respond accordingly; research and develop risk mitigating approaches and drive response and remediation; implement automation and orchestration to improve efficiency and effectiveness of security monitoring and response processes; document processes and procedures in the form of playbooks and reference guides; stay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace, as well as evolving threats

+ Participate in internal skills development activities for information security personnel on the topic of security monitoring; provide mentoring to junior team members; produce operating metrics and key performance indicators

+ Perform threat and vulnerability management; monitor, review and risk assess threat and vulnerability information sources; assess risk and recommend actions; scan the environment for known vulnerabilities; track and report on security threats, events, incidents, vulnerabilities, and remediation; work with system owners to remediate

+ Provide hands-on support for VM tools and interface with the firm's technical teams, business groups, and internal/external auditors to answer questions and provide documentation and/or evidence; interface with various technical teams to provide scan results and track remediation of identified vulnerabilities

+ Support efforts to define and document additional components of the overall vulnerability management program in line with current industry best practices; document vulnerability scoring methodologies for various operating systems and software platforms; implement vulnerability feeds, reports, and alerts from various sources into tools and processes

+ Produce detailed technical and procedural documentation describing various components of the vulnerability management program; produce reports and metrics; research areas of concern to be communicated to management; create and maintain system documentation for security tools, perform system health checks, create test cases, and lead the upgrade of security tools


Qualifications:


+ Minimum three years of recent and relevant experience in security monitoring, security operations, and incident response activities; preferably within a professional services firm or similar environment

+ Bachelor's degree from an accredited college/university or equivalent work experience; certifications preferred: CISSP and either CCSP or CCSK; other certifications of importance: MCSE: Cloud Platform and Infrastructure, AWS Certified Solutions Architect

+ Experience providing engineering support of on-premises and cloud security monitoring implementations with familiarity with cloud computing concepts and top-tier cloud providers; experience in performing manual and/or automated security configuration reviews of network devices, servers, and workstations; solid experience in administration of security monitoring tools, such as firewalls, IDS/IPS, proxies, and SIEM; working knowledge of networking technologies and tools; functional knowledge in shell/bash scripting and/or Python

+ Experience in identification and remediation of system, network, and application vulnerabilities; validating vulnerability scanning results and false positives; performing vulnerability assessments using Qualys or other vulnerability assessment tools; experience in clustered Splunk Enterprise Security (ES) deployment with expertise in proper security design philosophy

+ Ability to manage Splunk ES knowledge objects such as apps, dashboards, saved searches, scheduled searches and alerts; understanding of network and system intrusion and detection methods and mitigation techniques; experience with technologies such as Splunk, Next Generation Endpoint Protection Platforms (EPP), Security Information and Event Management (SIEM), hacking tools, techniques and procedures; experience with malware analysis or endpoint lateral movement detection methodologies or host forensic tools

+ Knowledge of incident response; experience with IT process definition and/or improvement; ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors; strong troubleshooting and organizational skills and ability to work on multiple activities simultaneously; hands-on network and systems administration skills with Linux and Windows; experience with public cloud environments

+ US Citizenship is required


KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link (https://assets.kpmg.com/content/dam/kpmg/us/pdf/2018/09/eeo.pdf) contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.


KPMG does not currently require partners or employees to be fully vaccinated or test negative for COVID-19 in order to go to KPMG offices, client sites or KPMG events, except when mandated by federal, state or local law. In some circumstances, clients also may require proof of vaccination or testing (e.g., to go to the client site).


**GL:** 5


**GF:** 15310
