Job Details
Industry/Sector: Not Applicable
Time Type: Full time
Travel Requirements: Up to 20%
A career in our Cybersecurity, Privacy and Forensics will provide you the opportunity to solve our clients most critical business and data protection related challenges. You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resilency, response, and technical implementation activities. You will have access to not only the top Cybersecurity, Privacy and Forensics professionals at PwC, but at our clients and industry analysts across the globe. The Cyber Incident Response team focuses on supporting some of the world’s largest brands by helping to enhance their threat detection and response capabilities in light of a dynamic threat environment. Every day we help our clients prevent, detect, and respond to advanced cyber attacks, technology disruptions, and insider threats by conducting root cause and intrusion investigations, proactive threat hunts, and by helping clients prepare, respond, and recover from external and internal threat actors. Our team partners with clients to help them understand the operational security controls needed to detect and prevent compromises. Additionally, as a core member of PwC's Global Threat Intelligence network we have real time insights into a diverse set of threat actors and are on the cutting edge of cybersecurity.
To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades/levels and in all lines of service. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.
As a Manager, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:
- Pursue opportunities to develop existing and new skills outside of comfort zone.
- Act to resolve issues which prevent effective team working, even during times of change and uncertainty.
- Coach others and encourage them to take ownership of their development.
- Analyse complex ideas or proposals and build a range of meaningful recommendations.
- Use multiple sources of information including broader stakeholder views to develop solutions and recommendations.
- Address sub-standard work or work that does not meet firm's/client's expectations.
- Develop a perspective on key global trends, including globalisation, and how they impact the firm and our clients.
- Manage a variety of viewpoints to build consensus and create positive outcomes for all parties.
- Focus on building trusted relationships.
- Uphold the firm's code of ethics and business conduct.
GIAC including GCFA, GCFE, GREM, GNFA, GCCC, and/or GCIA.
Demonstrates thorough abilities and/or a proven record of success in the following areas:
- Applying incident handling processes including preparation, identification, containment, eradication, and recovery to protect enterprise environments;
- Analyzing the structure of common attack techniques in order to evaluate an attacker's spread through a system and network, anticipating and thwarting further attacker activity;
- Utilizing tools and evidence to determine the kind of malware used in an attack, including rootkits, backdoors, and Trojan horses, choosing appropriate defenses and response tactics for each;
- Using memory dumps and memory analysis tools to determine an attacker's activities on a machine, the malware installed, and other machines the attacker used as pivot points across the network;
- Acquiring infected machines and then detecting the artifacts and impact of exploitation through process, file, memory, and log analysis;
- Analyzing a security architecture for deficiencies;
- Recognizing and understanding common assembly-level patterns in malicious code, such as code injection, API hooking, and anti-analysis measures;
- Deriving Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts;
- Conducting in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012/2016;
- Conducting in-depth forensic analysis of *Nix operating systems and media exploitation focusing on CentOS, RHEL, Solaris, AIX, HPUX, and Ubuntu/Debian;
- Identifying artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, anti-forensics, and detailed system usage;
- Hunting and responding to advanced adversaries such as nation-state actors, organized crime, and hacktivists;
- Extracting files from network packet captures and proxy cache files, allowing follow-on malware analysis, or definitive data loss determinations;
- Examining traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation;
- Detecting and hunting unknown live, dormant, and custom malware in memory across multiple Windows systems in an enterprise environment;
- Identifying and tracking malware beaconing outbound to its command and control (C2) channel via memory forensics, registry analysis, and network connections;
- Targeting advanced adversary anti-forensics techniques like hidden and time-stomped malware, along with utility-ware used to move in the network and maintain an attacker's presence;
- Using memory analysis, incident response, and threat hunting tools to detect hidden processes, malware, attacker command lines, rootkits, network connections, and more;
- Tracking user and attacker activity second-by-second on the system via in-depth timeline and super-timeline analysis; and,
- Identifying lateral movement and pivots within client enterprises, showing how attackers transition from system to system without detection.
Demonstrates thorough abilities and/or a proven record of success in the following areas:
- Network Analysis, Memory Analysis, Endpoint Analysis, Cyber Incident Lifecycle, NIST 800-61; and,
- Programming Languages such as Python, Perl, C/C++, C#, PowerShell, BASH, and Batch;
Demonstrates experience with at least two of the following tools including: X-Ways, Rekall, Volatility, EnCase, Remnux, IDA, Capture.Bat, RegShot, Radare, OllyDbg, Wireshark, Network Miner, NFdump, Tanium, CarbonBlack, CylancePROTECT, and PLASO/Log2Timeline, FireEye HX, and Crowdstrike;
Learn more about how we work: https://pwc.to/how-we-work
PwC does not intend to hire experienced or entry level job seekers who will need, now or in the future, PwC sponsorship through the H-1B lottery, except as set forth within the following policy: https://pwc.to/H-1B-Lottery-Policy.
All qualified applicants will receive consideration for employment at PwC without regard to race; creed; color; religion; national origin; sex; age; disability; sexual orientation; gender identity or expression; genetic predisposition or carrier status; veteran, marital, or citizenship status; or any other status protected by law. PwC is proud to be an affirmative action and equal opportunity employer.
The salary range for this position is: $100,000 - $232,000, plus individuals may be eligible for an annual discretionary bonus. Actual compensation within the range will be dependent upon the individual's skills, experience, qualifications and location, and applicable employment laws. PwC offers a wide range of benefits, including medical, dental, vision, 401k, holiday pay, vacation and more. To view our benefits at a glance, please visit the following link: https://pwc.to/benefits-at-a-glance