Job Description
About KPMG in India
KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.
KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.
Responsibilities
- Lead and oversee 24/7 SOC operations ensuring timely detection, investigation, and response to security incidents.
- Define and enforce incident response processes, SLAs, and escalation frameworks.
- Drive continuous improvement in SOC maturity, efficiency, and automation.
- Establish and lead proactive threat hunting programs to identify advanced threats and anomalies.
- Leverage threat intelligence feeds, frameworks (MITRE ATT&CK), and behavioral analytics.
- Collaborate with external intelligence sources and internal teams to stay ahead of evolving threats.
- Own design, implementation, and optimization of SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar).
- Develop and enhance use cases, correlation rules, and dashboards.
- Ensure data ingestion, normalization, and log source integration across enterprise systems.
- Lead high-severity incident investigations and coordinate cross-functional response efforts.
- Perform root cause analysis and ensure closure with preventive actions.
- Develop incident playbooks, runbooks, and automation workflows (SOAR).
- Manage and mentor SOC analysts, threat hunters, and SIEM engineers.
- Build high-performing teams with clear roles, KPIs, and performance management.
- Engage with senior leadership, business units, and external partners.
- Ensure alignment with regulatory and compliance requirements (ISO 27001, NIST, etc.).
- Provide executive dashboards, metrics, and reporting on security posture.
- Conduct audits, risk assessments, and continuous control improvements.
- Drive automation initiatives using SOAR platforms.
- Integrate security tools (EDR, NDR, IAM, Cloud Security) with the SIEM ecosystem.
- Enhance detection capabilities using ML/UEBA where applicable.
Qualifications
- Bachelor's/Master's degree in Cybersecurity, IT, or related field.
- 10–15+ years of experience in Cybersecurity with strong exposure to SOC, SIEM, and Threat Hunting.
- Proven experience in leading large security operations teams.
- SIEM platforms: Splunk, Sentinel, QRadar, ArcSight.
- Threat frameworks: MITRE ATT&CK, Cyber Kill Chain.
- Security tools: EDR, IDS/IPS, SOAR, DLP.
- Log management, use case development, and alert tuning.
- Cloud security (Azure, AWS, GCP).
- CISSP, CISM, CISA.
- GIAC (GCIA, GCIH, GCFA).
- Splunk / Microsoft Sentinel certifications.
Equal employment opportunity information
KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.