Cybersecurity Cd Threat Hunter Senior Associate Bangalore

Bangalore, Karnataka, India

Job Description


Line of Service Advisory

Industry/Sector Not Applicable

Specialism Cybersecurity & Privacy

Management Level Senior Associate

Job Description & Summary A career in our Advisory Acceleration Centre is the natural extension of PwC’s leading class global delivery capabilities. We provide premium, cost effective, high quality services that support process quality and delivery capability in support for client engagements.

To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.

As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

  • Use feedback and reflection to develop self awareness, personal strengths and address development areas.
  • Delegate to others to provide stretch opportunities, coaching them to deliver results.
  • Demonstrate critical thinking and the ability to bring order to unstructured problems.
  • Use a broad range of tools and techniques to extract insights from current industry or sector trends.
  • Review your work and that of others for quality, accuracy and relevance.
  • Know how and when to use tools available for a given situation and can explain the reasons for this choice.
  • Seek and embrace opportunities which give exposure to different situations, environments and perspectives.
  • Use straightforward communication, in a structured way, when influencing and connecting with others.
  • Able to read situations and modify behavior to build quality relationships.
  • Uphold the firm's code of ethics and business conduct.

Threat Hunter - CaaS

As a Threat Hunter (Senior Associate) within the Cyber as a Service (CaaS) practice, you’ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. Responsibilities include but are not limited to:

Required Qualifications:

5+ years of experience in a technical role in the areas of Security Operations, Threat Intelligence, Incident Response, or Penetration Testing/Red Team.

At a minimum, a Bachelor's Degree in a relevant area of study with a preference for Computer Science, Computer Engineering, Cybersecurity, or Information Security.

Knowledge and experience working with various SIEM, EDR, NDR and Ticketing tools.

Advanced knowledge of operating system internals and security mechanisms.

Advanced knowledge and experience analyzing attacker techniques at all stages of a breach. Knowledge of MITRE ATT&CK and the Cyber Kill Chain is a must.

Roles & Responsibilities:

Continuously search for signs of advanced threats and anomalies within the network and systems, even when no specific alerts or incidents have been triggered.

Develop and execute proactive threat hunting queries, use cases, or algorithms to identify potential security risks.

Stay updated on the latest threat intelligence feeds, industry reports, and emerging attack techniques.

Analyze threat intelligence data to understand attacker tactics, techniques, and procedures (TTPs) and CKC phases, and incorporate this knowledge into threat hunting activities.

Investigate and analyze endpoints (computers, servers, and devices) for suspicious activities and indicators of compromise (IoCs).

Utilize endpoint detection and response (EDR) tools to gather telemetry data and perform in-depth analysis.

Analyze network traffic and flow data to identify unusual patterns, unauthorized access, and potential threats.

Use network forensic tools and packet capture techniques to investigate network-based incidents, if available and required.

Identify deviations from normal behavior by studying user and entity behavior analytics (UEBA) and applying anomaly detection methods, if applicable.

Detect signs of lateral movement, privilege escalation, and other MITRE tactics by monitoring user accounts and permissions.

Analyze suspicious files or malware samples to understand their functionality and assess the level of threat they pose.

Collaborate with the L2 analyst team to develop mitigation strategies based on malware analysis.

Develop and maintain threat hunting playbooks or runbooks that outline standardized procedures and methodologies for conducting threat hunting activities.

Collaborate with L1 and L2 analysts, and other relevant teams to ensure a coordinated response to identified threats.

Communicate findings and recommendations effectively to technical and non-technical stakeholders.

Stay up-to-date with the latest threat landscape, attack vectors, and cybersecurity technologies through ongoing research and professional development.

Participate in knowledge-sharing initiatives within the threat hunting team to enhance collective expertise.

Maintain detailed records of threat hunting activities, including findings, actions taken, and outcomes.

Prepare comprehensive reports on threat hunting results, including recommended actions and areas for improvement.

Work with internal and client teams to develop and implement mitigation and remediation strategies to eliminate or contain identified threats.

Provide guidance on improving security controls and reducing the attack surface based on threat hunting findings.

Ensure adherence to established threat hunting processes and procedures.

Identify opportunities for process improvement and contribute to the enhancement of threat hunting methodologies.

Be available for on-call schedules, including evenings and weekends, to assist with critical and high-severity security incidents and escalations.

Maintain composure and efficiency in high-pressure situations.

Experience & Skills:

5+ years of experience in a technical role in the areas of Security Operations, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team.

Experience in SIEM technologies such as Azure Sentinel, Splunk, ArcSight, QRadar, Exabeam, LogRhythm

Experience and knowledge of EDR and NDR technologies such as Cortex XDR, CrowdStrike, Carbon Black, Cylance, Defender, DarkTrace

Experience with ticketing systems such as ServiceNow or JIRA is considered a strong asset.

Knowledge of operating system internals, OS security mitigations and the security challenges of the Windows, Linux, macOS, Android and iOS platforms.

Experience and knowledge working with the Cyber Kill Chain model and the MITRE ATT&CK framework.

CISSP and any one or more of the following GIAC certifications: GCIA, GSOC, GMON, GCDA, GDAT, GCED, GCFE, GCFA, GNFA, GREM, GCLD preferred.

Ability to use data to 'tell a story'; ability to communicate findings and recommendations effectively to technical and non-technical stakeholders.

Experience and knowledge of scripting languages such as JavaScript, Python, PHP, Bash, PowerShell, etc. is an asset.

Experience with reverse engineering, digital forensics (DFIR) or incident response, or machine learning models is an asset

Experience with offensive security including tools such as Metasploit, exploit development, Open Source Intelligence Gathering (OSINT), and designing ways to breach enterprise networks is an asset

Experience in security device management and multiple SIEM platforms

Proficient in preparation of reports, dashboards and documentation

Excellent communication and leadership skills

Experience in performing vendor management

Ability to handle high pressure situations with key stakeholders

Good analytical, problem-solving and interpersonal skills.

A demonstrated commitment to valuing differences and working alongside diverse people and perspectives.

Willing to work in US day shift (9 AM EST - 5 PM EST) / India night shift (7 PM IST to 3 AM IST) and weekend support / on-call support.

Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements 0%

Available for Work Visa Sponsorship? No

Government Clearance Required? No

Job Posting End Date

PwC

Job Detail

  • Job Id
    JD3220873
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Bangalore, Karnataka, India
  • Education
    Not mentioned
  • Experience
    Year