Manager, Cyber Threat Intelligence - Advanced English

About KTSA

We are KTSA – KPMG Technology Services Americas.

A Service Delivery Center of KPMG US, with offices in Mexico City, Guadalajara, and a growing network of remote talent across the country. We deliver high-value technology, consulting, and corporate support services to KPMG US and its clients.

At KTSA, our Employer Value Proposition is clear: Explore .

Explore isn’t just a word — it’s how we grow, lead, and thrive. It’s the mindset that drives our culture and shapes every opportunity:

• Experience a collaborative, inclusive, and multicultural workplace where you belong.
• Excel by creating impact and leaving your mark on global projects.
• Expand your potential with real career paths, learning programs, and mentorship.
• Express your individuality — come as you are, and thrive as your authentic self.

And because we know that thriving at work also means thriving in life, we back this mindset with KTSAMÁS , our total rewards program, designed to support your well-being, goals, and personal milestones.

RESPONSIBILITIES AND QUALIFICATIONS:

Key Responsibilities:

• Strong background in tactical/ operational cyber threat intel with knowledge of incident response/ threat hunting. Demonstrated ability to automate tasks/ workflows is highly favorable. Knowledge of Microsoft KQL also highly desirable but other SIEM knowledge acceptable.
• One of the primary responsibilities are IOC sweeps/ blocks/ investigations of hits. Assist with automating this task. End goal is for IR to receive high fidelity true positive hits and for the person in this role to assess trends of IOC hits and feed intel to the threat hunt workstream to prioritize hunts on those threat actors. While working towards IOC sweep automation, escalates to hunters when hits determined to be true positive and remediation actions are required or if advanced analysis is required.D
• aily CISO report (CTI Input) – This report is sent out daily to our CISO and other Sr. Leadership/ workstreams regarding daily CTI news and its relevance to KPMG. The person in this role will be responsible for this daily.A
• ssist U.S. CTI workstream SME with alerts/ investigations from CTI tools. Prefer experience with CTI tools such as ZeroFox (Brand abuse/ leaked credentials investigations), Flashpoint (Deep dark web investigations), Domain Tools (domain/ web investigations) and experience with a Threat Intelligence Platform (TIP) such as Threat Q.A
• ssist with the assessment of Top 10 threat actors/ malware for the firm to prioritize on assessments/ hunts.R
• esearch and develop risk mitigating approaches and drive response and remediationD
• ocument processes and procedures in the form of playbooks and reference guides.S
• tay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace.L
• ead internal skills development activities for information security personnel on the topic of cyber threat intelligence, by providing mentoring and by conducting knowledge sharing sessionsP
• rovide input to business cases and presentations to senior IT leadership of proposed security products and studies. Produce operating metrics and key performance indicators.K
• nowledge of all phases of incident response life cycle: analysis, containment, eradication, remediation, recoveryE
• valuate external threat intelligence sources related to zero-day attacks, exploit kits and malware to determine organizational risk.

Q

ualifications:

• Knowledge/ experience in automating tasks (creating logic apps, powershell/ python scripts to automate workflows/ tasks). This is highly desirable skillset.E
• xperience in security monitoring, security operations, and incident response activities; preferably within a professional services firm or similar environmentS
• trong knowledge of incident response and crisis management; Ability to identify both tactical and strategic solutionsK
• nowledge/ background with snort rules (reading and/or writing them).K
• nowledge of Microsoft KQL (writing queries/ creating workbooks are highly desirable).E
• xperience with IT process definition and / or improvementA
• bility to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendorsS
• trong verbal/written communication, with ability to effectively interact with individuals at all levels of responsibility and authority. Must be able to prioritize, delegate to support an environment driven by customer service and teamwork. · Strong trouble-shooting and organizational skills and ability to work on multiple projects simultaneously. Ability to participate in resource planning processes based on defined organizational plans.E
• xperience defining security monitoring rules, monitoring events, assessing risk, responding to incidents and providing security oversight related to the security features of IT tools supported by the IT operations teamsA
• bility to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors
• Strong verbal/written communication, with ability to effectively interact with individuals at all levels of responsibility and authority. Must be able to prioritize, delegate and foster the development of high-performance teams to lead/support an environment driven by customer service and team work. Strong trouble-shooting and organizational skills and ability to work on multiple projects simultaneously. Ability to participate in resource planning processes based on defined organizational plans.E
• xperience developing/ utilizing SIEM queries for investigating IOCs within the network.E
• xperience conducting analysis based on Deep Dark Web intelligence.

E

xpand your possibilities with KTSA through KTSAMÁS, where you can access:E

• xtended maternity, paternity, and adoption leavesA
• bove-market vacation benefitsH
• ybrid work modelL
• earning opportunities, training, and certification programsE
• xtended marriage leave and daycare supportW
• ellness and Employee Assistance Programs (EAP)C
• omprehensive medical plan, life insurance, car insurance, and funeral assistanceV

isit to learn more.

A

t KTSA, we celebrate and support everyone’s individuality. We do not discriminate against any race, religion, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, or disability. We are supportive of helping you to achieve a balance between your home and work demands. We are happy to discuss specific requirements and our range of flexible working arrangements could be of interest. Please ask to find out more. We strongly state that we DO NOT require a certificate of non-pregnancy or HIV in order to participate in any of our processes.

E

xplore KTSA, we dare to be different!H

ome - KTSAK

TSA - KPMG Technology Services of Americas