Manager, Cybersecurity Threat Intelligence

About KTSA We are KTSA – KPMG Technology Services Americas. A Service Delivery Center of KPMG US, with offices in Mexico City, Guadalajara, and a growing network of remote talent across the country. We deliver high-value technology, consulting, and corporate support services to KPMG US and its clients. At KTSA, our Employer Value Proposition is clear: Explore . Explore isn’t just a word — it’s how we grow, lead, and thrive. It’s the mindset that drives our culture and shapes every opportunity: Experience a collaborative, inclusive, and multicultural workplace where you belong. Excel by creating impact and leaving your mark on global projects. Expand your potential with real career paths, learning programs, and mentorship. Express your individuality — come as you are, and thrive as your authentic self. And because we know that thriving at work also means thriving in life, we back this mindset with KTSAMÁS , our total rewards program, designed to support your well-being, goals, and personal milestones. RESPONSIBILITIES AND QUALIFICATIONS: Key Responsibilities: Strong background in tactical/ operational cyber threat intel with knowledge of incident response/ threat hunting. Demonstrated ability to automate tasks/ workflows is highly favorable. Knowledge of Microsoft KQL also highly desirable but other SIEM knowledge acceptable. One of the primary responsibilities are IOC sweeps/ blocks/ investigations of hits. Assist with automating this task. End goal is for IR to receive high fidelity true positive hits and for the person in this role to assess trends of IOC hits and feed intel to the threat hunt workstream to prioritize hunts on those threat actors. While working towards IOC sweep automation, escalates to hunters when hits determined to be true positive and remediation actions are required or if advanced analysis is required. Daily CISO report (CTI Input) – This report is sent out daily to our CISO and other Sr. Leadership/ workstreams regarding daily CTI news and its relevance to KPMG. The person in this role will be responsible for this daily. Assist U.S. CTI workstream SME with alerts/ investigations from CTI tools. Prefer experience with CTI tools such as ZeroFox (Brand abuse/ leaked credentials investigations), Flashpoint (Deep dark web investigations), Domain Tools (domain/ web investigations) and experience with a Threat Intelligence Platform (TIP) such as Threat Q. Assist with the assessment of Top 10 threat actors/ malware for the firm to prioritize on assessments/ hunts. Research and develop risk mitigating approaches and drive response and remediation. Document processes and procedures in the form of playbooks and reference guides. Stay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace. Knowledge of all phases of incident response life cycle: analysis, containment, eradication, remediation, recovery. Evaluate external threat intelligence sources related to zero-day attacks, exploit kits and malware to determine organizational risk. Q ualifications: Knowledge/ experience in automating tasks (creating logic apps, powershell/ python scripts to automate workflows/ tasks). This is highly desirable skillset. Experience in security monitoring, security operations, and incident response activities; preferably within a professional services firm or similar environment. Strong knowledge of incident response and crisis management; Ability to identify both tactical and strategic solutions. Knowledge/ background with snort rules (reading and/or writing them). Knowledge of Microsoft KQL (writing queries/ creating workbooks are highly desirable). Experience with IT process definition and / or improvement. Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors Experience developing/ utilizing SIEM queries for investigating IOCs within the network. Experience conducting analysis based on Deep Dark Web intelligence. Expand your possibilities with KTSA through KTSAMÁS, where you can access: Extended maternity, paternity, and adoption leaves Above-market vacation benefits Remote work Learning opportunities, training, and certification programs Extended marriage leave and daycare support Wellness and Employee Assistance Programs (EAP) Comprehensive medical plan, life insurance, car insurance, and funeral assistance Visit w ww.ktsa.com.mx to learn more. At KTSA, we celebrate and support everyone’s individuality. We do not discriminate against any race, religion, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, or disability. We are supportive of helping you to achieve a balance between your home and work demands. We are happy to discuss specific requirements and our range of flexible working arrangements could be of interest. Please ask to find out more. We strongly state that we DO NOT require a certificate of non-pregnancy or HIV in order to participate in any of our processes. E xplore KTSA, we dare to be different H ome - KTSA KTSA - KPMG Technology Services of Americas