About The Team
Our Cyber Threat Operations practice is PwC’s front-line technical services group, responsible for the development, management and execution of a portfolio of blue and red team services. We provide subscription and bespoke threat research services, short-term and managed endpoint and network hunting services, incident response and readiness services and adversary emulation.
About The Role
You’ll be joining a growing team at PwC responsible for the development and delivery of threat research and intelligence services provided by PwC across the globe, ranging from ad-hoc technical analysis to long term campaign tracking and reporting.As part of the role, you’ll also be working hand in hand with our incident response practice while they investigate intrusions, with our hunt and monitoring teams to develop signatures and detection techniques for the latest attacker TTPs, and with customers facing everything from FIN7 to APT28
In this role you will track nation state and organised crime actors targeting PwC’s global client base. You could be involved in monitoring C2 infrastructure for an actor, targeted attack activity in a specific region, or the evolution of specific malware families, and everything in between.
Developing collection and tracking techniques to identify new threat actors and campaigns, monitor the activity of known actors, and production of consumable indicators.
Production of analytic content, detection concepts and signatures to detect malicious activity in log data, network traffic or on endpoints.
Delivering reports and presentations based on research into emerging threats, and sharing your findings with customers, or with the public via blogs, conference presentations etc.
Researching and developing new tools and scripts to continually update or improve our threat intelligence automation processes, collection methods and analytical capability.
Participate in analysis surges to renew and further develop our knowledge on new and existing threat actors
Supporting an incident response lifecycle, to provide threat intelligence support to active investigations and IR teams.
Skills and Experience
If you’re interested in tackling international espionage, uncovering criminal activity & tracking hacktivists – we’re keen to talk to you. We expect you will already be able to demonstrate experience in one or more of the following areas
Development and curation of APT and targeted attack intrusion sets along with campaign research and tracking experience.
Malware reverse engineering expertise in order to identify and classify new samples, understand C2 protocols and functional capability.
Strong knowledge of scripting languages such as Python, Perl or PowerShell and their use in automation of collection and management of intel indicators.
Strong expertise with Maltego, custom transforms and its use in mapping out intrusion sets.
Developing analytic content, detection concepts and signatures to detect malicious activity across an IT estate, such as Suricata, OpenIOC or Yara rules
Ability to apply a robust analytical methodology to support your conclusions in relation to specific threat actors, and an ability to rationalise and articulate your conclusions.
Solid understanding of network protocols, attack lifecycles and actor tradecraft.
As it relates to the tradecraft of an actor, experience of gleaning and analysing security information from enterprise network and host based sensors, such as IDS/IPS systems, HIDS, SIEMs, AD controllers and firewalls.
An interest in maintaining and growing a strong network of contacts within the threat intelligence industry.
Knowledge of open source or commercial platforms, tools and frameworks used within threat intelligence teams, such as threat intelligence platforms, sandboxes etc.