Manager in Cyber Forensic and Response at KPMG South Africa

Job Purpose

• Manage and maintain the cloud-based forensic and investigation infrastructure hosted on Microsoft Azure, ensuring secure, reliable, and efficient operation of digital forensics, data analytics, and evidence management platforms.

Responsibilities

• Administer and maintain all forensic and investigation systems hosted on Azure — including case management, data storage, analytics environments, and automation pipelines.
• Design and manage Azure-based forensic environments, such as isolated investigation VMs, Azure Sentinel workspaces, and secure evidence vaults.
• Support forensic and incident response teams with data ingestion, extraction, and queries from diverse sources (Azure logs, O365, endpoints, and third-party integrations).
• Automate data collection, enrichment, and correlation across Azure services using Logic Apps, PowerShell, and Azure Functions.
• Implement and enforce role-based access control (RBAC) and ensure compliance with evidence handling, retention, and privacy standards.
• Knowledge of configurations relating to RAG, Agentic AI and document analyser, Azure AI etc
• Monitor and optimize Azure resource performance, cost, and security posture for forensic workloads.
• Coordinate with internal IT and security teams to maintain connectivity, patching, and resilience of forensic systems.
• Evaluate and integrate new forensic and data management tools within the Azure ecosystem to enhance investigative capabilities.
• Manage the Azure environment used by front end investigation teams

Qualifications

Education:

• B.Sc. or M.Sc. in Information Technology, Computer Science, Cybersecurity, or related field.

Certifications:

Preferred:

• Microsoft Certified: Azure Administrator Associate (AZ-104)
• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Azure Solutions Architect Expert (AZ-305)
• GIAC Certified Forensic Examiner (GCFE) or CHFI
• Splunk / Kusto Query Language (KQL) proficiency

Experience

• 4–8 years in IT or security operations, with 3+ years managing Azure environments for security, data analytics, or forensic purposes.

Skills

• Expert in Azure services such as Sentinel, Log Analytics, Defender for Cloud, Blob Storage, Key Vault, Logic Apps, RAG, Document Analyser and Azure Automation.
• Knowledge of Proficiency in KQL, PowerShell, and Python for data extraction and automation.
• Understanding of forensic workflows, evidence integrity, and digital investigation processes.
• Knowledge of data retention, encryption, and compliance frameworks