Senior Threat Detection Analyst

KPMG
London
3 months ago
Applications closed

Related Jobs

View all jobs

Junior SOC Analyst 24 x 7 Desk

Security Operations Center Analyst

Senior SOC Analyst

Associate SOC Analyst

Chief Information Security Officer

Cyber Security Lead

Job description

Senior Threat Detection Analyst

Base Location:Hybrid/UK based (core office in London) plus network of 20 offices nationally:

 

The KPMG EWT function is a cornerstone of our business. We do work that matters to our local business and communities – supporting technical innovation and adoption of cutting-edge solutions across the UK. Working on complex engagements in enterprise technology this team is responsible for the delivery of cutting-edge technical solutions and trusted to get it right first time.

 

KPMG is one of the world's largest and most respected consultancy businesses, we've supported the UK through times of war and peace, prosperity and recession, political and regulatory upheaval. We've proudly stood beside the institutions and businesses which make the UK what it is.

 

Why join KPMG EWT as a Senior Threat Detection Analyst?

The Team is an important function within Security Operations in KPMG. The team play a key role in ensuring that the business IT systems are protected and monitored from cyber threats. The team works with external MSSPs to monitor, analyse, report cyber security threats and respond accordingly. The team works with the different internal business capabilities to ensure that security monitoring service is embedded into their solutions. The team is also responsible for making sure that security monitoring is aligned with cyber threat landscape and business risks on an ongoing basis.

 

The person will be playing a key role in ensuring that the business IT systems are protected and monitored from threats, participate in the active monitoring of the security sensors and ensure that appropriate actions are taken as part of the Incident Response process, work with the different KPMG business capabilities to ensure that security monitoring service is embedded into their solutions.

 

You will be part of on-call rota for SOC and required to be on-call for one week at a time typically, during a month.

 

What will you be doing?

Act as an escalation point for other security analysts in the SOC, including 3rd party MSSP Co-ordinate SOC team response and work with Threat Detection manager to improve triage processes Deputise Threat Detection Manager with full delegated responsibilities, when required Proactively monitor the network security sensors ensuring timely detection, investigation and remediation of potential threats in line with the incident management lifecycle Use the advanced security analytics toolsets to monitor for emerging threat patterns and vulnerabilities, attempted or successful breaches Work closely with other KPMG teams to ensure that all technologies are activity monitored including troubleshooting where necessary Interact with the Global Security Operations Centre (GSOC) & MSSP, including Incident response and intelligence sharing, escalating to management where required Triage and manage incidents, events and queries from the business to the relevant resolver group Contribute to the Continual Service Improvement of the teams' operations through proactive analysis, engagement and collaboration Detect, respond and coordinate response for security events while capturing essential details and artefacts Operationalise actionable intelligence reports from Threat Intelligence team and external sources Maintain event response documentation, participate in post-mortems, and write event reports Contribute to projects that enhance the security posture of KPMG Identify trends, potential new technologies, and emerging threats, which may impact KPMG Review and prioritise alerts based on Standard Operating Procedures Review and triage suspected security events reported by staff members or Security Monitoring platforms Accurately document work in Incident case management system as per defined standards Leverage multiple data sources to analyse detection alerts and staff reported cyber-attacks to identify which events require response activities based on Standard Operating Procedures Declare an incident and escalate it to Incident Response team, ensuring findings have been accurately captured in the Incident case management system as per defined standards Ensure that cases are accurately categorised to ensure the appropriate feedback is provided to the Detection and Response Engineering team and to facilitate reporting Identify and record gaps in visibility and security posture through the course of investigations as per defined Standard Operating Procedures Identify potential new detection logic and escalate to the Detection and Response Engineering team Hunt for threat indicators from log data and other available endpoint/network artefacts

 

What will you need to do it?

Prior experience in Cyber Security Experience of working in a Security Operations Centre or Security Monitoring Team. Experience with managed security services and security consulting would be a plus Hands on SIEM and EDR tooling knowledge and experience including technologies such as Microsoft Sentinel, Microsoft Defender Suite etc. Experience in end-to-end information security incident management and mitigating and addressing threat vectors including Advanced Persistent Threat (APTs), Distributed Denial of Service (DDoS), Phishing, Malicious Payloads, Malware, etc Experience with Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Web Application, Firewalls, Firewall logs, systems logs, web logs, application logs and Security Information and Event Management (SIEM) systems Experience with technologies, tools, and process controls to minimise risk and data exposure. Experience in search query languages such as KQL, OSquery or SPL Solid experience of working in Cloud environments such as AWS, Azure, & GCP Experience with building threat-based Use Cases using frameworks such as MITRE ATT&CK Solid understanding of ISO 27001, Cyber Essentials/Essentials Plus, GDPR and other information security-related regulatory and compliance standards Understanding of security threats, attack scenarios, intrusion detection and incident management Ability to function effectively in a matrix structure Ability to deal with ambiguity and to keep a cool head when dealing with crisis or stressful situations Strong analytical skills Apply analytical rigor and demonstrate business acumen to understand complex business scenarios Fluent in English

 

Skills we’d love to see/Amazing Extras:

Already holds, or can be SC cleared Bachelor’s degree in Computer Science or related field Information Security and/or Information Technology industry certification (CISSP, SANS GIAC, SC-200, AZ-500 or equivalent)  

Our Locations:

With 20 sites across the UK, we can potentially facilitate office work, working from home, flexible hours, and part-time options. If you have a need for flexibility, please register and discuss this with our team.

 

Find out more:

Within Consulting we have a range of divisions and specialisms. Click the links to find out more below:

Consulting at KPMG:ITs Her Future Women in Tech programme:KPMG Workability and Disability confidence:

 

For any additional support in applying, please click the links to find out more:

Applying to KPMG:Tips for interview:KPMG values:KPMG Competencies:

KPMG Locations and FAQ:

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Careers

Tips for Staying Inspired: How Cyber Security Pros Fuel Creativity and Innovation

Cyber security professionals face a rapidly changing digital landscape, where new threats emerge almost daily and the stakes—protecting critical data, safeguarding personal privacy, and defending entire infrastructures—could not be higher. It’s easy to be consumed by vulnerability scans, incident response workflows, and endless compliance checks. Yet, thriving in this high-pressure environment demands more than just technical know-how. It also requires creativity and innovation, which enable you to stay one step ahead of potential attackers. So how do cyber security experts remain inspired and agile, even when the challenges can feel relentless? Below, we’ll explore ten actionable strategies to help security analysts, threat hunters, penetration testers, and security engineers maintain fresh perspectives and keep innovating. If you’re looking to sharpen your problem-solving skills and rediscover the spark that drew you to cyber security in the first place, these tips can guide you toward a more fulfilling and impactful career.

Careers

Top 10 Cyber Security Career Myths Debunked: Key Facts for Aspiring Professionals

In a hyper-connected world, cyber security is no longer an afterthought—it’s a core component of modern business, government, and everyday life. From stopping ransomware attacks to safeguarding personal data, cyber security professionals shoulder a vital responsibility: keeping digital systems, networks, and data safe. Unsurprisingly, the demand for skilled cyber security talent continues to surge, offering robust and often lucrative career paths. Yet, despite the industry’s prominence, myths and misconceptions about cyber security careers abound. Is it really just about hacking? Do you need to be a superhuman coder with years of experience? Or is cyber security just a niche field, reserved for tech giants? At CyberSecurityJobs.tech, we see firsthand how these myths deter capable individuals from entering or advancing in one of the most dynamic fields in tech. This article aims to bust the top 10 cyber security career myths—providing clear, evidence-based insights into what it really takes to thrive in this ever-evolving domain. Whether you’re a recent graduate exploring the field, a mid-career professional seeking a pivot, or simply curious about the prospects, read on to discover the true breadth and promise of cyber security careers.

Careers

Global vs. Local: Comparing the UK Cyber Security Job Market to International Landscapes

Understanding opportunities, salaries, and work culture in cyber security across the UK, the US, Europe, and Asia Cyber security has rapidly ascended from a back-office concern to a strategic priority for every industry. As data breaches, ransomware, and nation-state attacks increase in frequency and sophistication, organisations worldwide are racing to fortify their digital defences. This ongoing surge in cyber threats fuels an unprecedented demand for skilled security professionals—ranging from penetration testers and threat intelligence analysts to cloud security architects and CISOs. In this article, we’ll explore how the UK cyber security job market compares to major international hubs in the United States, Europe, and Asia. We’ll discuss job opportunities, salary bands, work culture, and provide guidance for those who might be contemplating remote or overseas positions. By understanding the nuances of each region’s cyber security ecosystem, you can make a more informed decision about where and how to advance your career in this high-impact, fast-evolving sector. Whether you’re a seasoned expert with years of experience or a career-changer eager to break into cyber security, this overview will help you navigate the global landscape. By the end, you’ll have a clearer perspective on each region’s advantages and challenges—along with practical insights for seizing the best opportunities in a field that has become mission-critical for every modern organisation.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.