Who we’re looking for
Are you passionate about practical, large-scale defence within Cyber Security? State sponsored attacks, corporate hacking, data breaches, economic espionage and targeted intrusions, including APT.
The scale and complexity of Cyber-attacks is increasing every day and businesses need a trusted ally to steer them through this challenging landscape.
About the team
As a Cyber Defence Analyst at PwC you will form a key part of the team responsible for the development, management and execution of our Managed Cyber Defence services to our global clients. Global is the operative word because we operate internationally with a focus on consistency and availability to our client base at any time.
Managed Cyber Defence sits within our Cyber Threat Ops department, which offers a comprehensive suite of Cyber Security services.
About the Role
We are looking for experienced staff members, and we value skills from a variety of technical disciplines. The work offers a number of opportunities for interesting work and development.
Our Cyber Defence Analysts perform a variety of duties which run from Threat Hunt activities, Incident Containment, Detection Engineering, consuming and contributing to Threat Intelligence, and Alert Handling. In a typical week, a Cyber Defence Analyst will contribute to all of these elements in their day-to-day duties, with each member of our team bringing valuable skills to one or more areas.
Contributing to the end-to-end technical execution of the MCD service requires the ability to multi-task across multiple different scales of thinking; your contributions will be valued both to in-depth technical analysis of security alerts, and to the large-scale continual improvement of the systems automating the detection & response around those alerts.
Preference may be given to candidates available to work in our Edinburgh office - however, remote working could be possible for the right candidate. The role does not involve extensive travel and is primarily remote from our client organisations.
Duties & Responsibilities
Benefit from our shift-based model by getting a full-scale salary on a reduced hours arrangement - 30 hours per week. Shift model does not require night shifts.
Define and implement detection and response automation logic
Threat Hunting, and continual improvement of the service based on successful techniques
Incident Containment - performed both as part of our own service, and we work closely with PwC’s Incident Response team
Coaching and knowledge-sharing with other analysts; we firmly believe even the most experienced team members should always be learning
Work within, and ultimately help shape, our response framework for globally scalable cyber defence
Provide technical guidance to client organisations to correctly gather relevant data, analyse and respond to cyber security incidents
Contributes to the development of policies, standards and guidelines.
Apply broad security industry, technology, business and professional knowledge to contribute to policy-making and process design.
Correlate threat intelligence with active attacks and vulnerabilities within the enterprise.
Monitor and analyse security events and identify trends, attacks, and potential threats.
Research and stay current on the latest trends, best practices, and technology developments.
Skills and Experience
Experience using EDR tools such as XDR, CrowdStrike, SentinelOne or Defender ATP
Experience with SOAR platforms such as Demisto, Phantom or SIEMplify
Strong knowledge of Windows System Internals and related endpoint security mechanisms
Previous host-based investigative, forensic or analysis work is strongly beneficial
Ability to identify patterns and trends in events, and to extract useful indicators of compromise from that data.
A background in client facing business-to-business work
Relevant areas of certification may include SANS / GIAC, OSCP or similar
Experience of gleaning and analysing security information from a large variety of host and network based technologies - tell us what you bring to the table.
Ability to assess the output of malware analysis and sandboxing techniques.
Python and PowerShell scripting highly advantageous
Contact Name: PwC
Job ID: 2858609