Cloud Monitoring & Compliance Engineer
Location: United Kingdom (fully remote)
About KPMG International
KPMG International, with over 273,000 colleagues across 143 countries, is dedicated to delivering innovative solutions and positive change. Joining KPMG offers a global platform for career growth and impactful projects.
We provide Audit, Tax, and Advisory services, setting standards and developing tech-enabled solutions to protect our reputation and create value for communities. Our work environment fosters innovation, standards, and a culture of empowerment.
About this Global Group
Global Technology & Knowledge supports KPMG's digital transformation, security, and technology services. Our principles include customer-centricity, expertise communities, flexible delivery, and fulfilling careers. We operate under five domains: Technology Portfolio Delivery, Global Enterprise Technology, Technology Strategy & Blueprint, Global Information Security Group, and Business Operations.
About this Team
As part of the Global Information Security Group (GISG), the ISS team, including GSOC and VASD, defends KPMG and its clients from cyber threats through detection, investigation, and remediation.
Role summary
The Cloud Monitoring & Compliance Engineer ensures visibility into security and compliance across KPMG's cloud-native technology stack. Responsibilities include managing GSOC tools on Windows, Azure, and O365, supporting multi-cloud environments, and ensuring configuration and compliance guardrails are followed. The role involves installation, management, troubleshooting, and collaboration with vendors and internal teams to enhance cloud security posture.
The key responsibilities include:
1. Analyzing MDC Product alerts related to CWP & CSPM for internal clients.
2. Customizing and enhancing Cloud Security Posture Management and Cloud Workflow Protection features.
3. Onboarding new tenants and cloud providers.
4. Planning and implementing automated remediation activities.
5. Engaging with vendors to optimize product investments and influence roadmaps.
6. Managing and troubleshooting cloud security tools daily.
7. Collaborating with GISG teams to meet security requirements.
8. Ensuring compliance with internal controls and standards.
9. Using DevOps practices to document project tasks.
The key accountabilities mirror these responsibilities, emphasizing analysis, customization, onboarding, remediation, vendor liaison, management, and compliance.
Qualifications include:
* Solid IT experience with major cloud providers.
* Bachelor's degree in Computer Science or related field, or equivalent experience.
* Knowledge of Cloud Security Posture Management tools (Microsoft MDC, Twistlock, Redlock).
* Experience securing cloud environments and ensuring compliance.
* Understanding of API security standards, exploits, malware, and web architecture.
* Proficiency in building complex queries (RQL, KQL, SQL).
* Hands-on experience with Microsoft Azure, AWS, or GCP security features.
* Programming skills in Python or PowerShell.
We support flexible working arrangements and promote diversity and inclusion. Applicants requiring accommodations are encouraged to discuss their needs during the recruitment process.
#J-18808-Ljbffr