EDR / SIEM Admin - Associate Consultant

About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. 

KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.

EDR Administration

• Manage and administer EDR tools (e.g., Microsoft Defender for Endpoint, CrowdStrike, SentinelOne, Cortex XDR).
• Deploy, configure, and maintain EDR agents across endpoints (Windows, Linux, macOS).
• Monitor endpoint alerts, analyze malicious activity, and support incident response actions.
• Tune detection rules and policies to reduce false positives.
• Coordinate containment, isolation, and remediation actions during security incidents.
• Ensure EDR coverage, health, and agent compliance across the environment.

SIEM Administration

• Administer SIEM platforms (e.g., Microsoft Sentinel, Splunk, IBM QRadar, ArcSight).
• Onboard and normalize log sources (firewalls, servers, endpoints, cloud services, applications).
• Manage correlation rules, alerts, dashboards, and reports.
• Tune SIEM use cases to improve signal-to-noise ratio.
• Develop and maintain detection logic aligned with MITRE ATT&CK.
• Support threat hunting and forensic investigations.

Security Operations & Compliance

• Support SOC analysts during investigations and escalations.
• Maintain documentation, SOPs, and runbooks for EDR and SIEM use cases.
• Assist with audits, compliance reporting, and security metrics.
• Integrate EDR and SIEM with SOAR, ticketing, and threat intelligence platforms.
• Participate in vulnerability remediation and continuous improvement initiatives.

• Technical Skills
• Strong hands-on experience with EDR platforms and SIEM tools
• Solid understanding of: 
  • Endpoint security concepts
  • Log management and event correlation
  • Malware behavior and attack techniques
• Working knowledge of: 
  • Windows/Linux OS
  • Networking fundamentals (TCP/IP, DNS, firewalls)
  • Cloud environments (Azure/AWS/GCP – preferred)
• Experience with scripting (PowerShell, Python – preferred)
• Familiarity with MITRE ATT&CK framework and threat-hunting concepts investigations

• Ability to work with APIs for automation and integration

Equal employment opportunity information 

KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.