Technical threat research analyst
You’ll be joining a growing team at PwC responsible for developing and delivering the threat research and intelligence services PwC provides across the globe, ranging from ad-hoc technical analysis to long-term campaign tracking and reporting.
As part of the role, you’ll also be working hand in hand with our incident response practice while they investigate intrusions, with our hunt and monitoring teams to develop signatures and detection techniques for the latest attacker TTPs, and with customers facing everything from FIN7 to APT28.
Our Cyber Threat Operations practice is PwC’s front-line technical services group, responsible for the development, management and execution of a portfolio of blue and red team services. We provide subscription and bespoke threat research services, short-term and managed endpoint and network hunting services, incident response and readiness services, and adversary emulation.
In this role you will track nation state and organised crime actors targeting PwC’s global client base. You could be involved in monitoring C2 infrastructure for an actor, targeted attack activity in a specific region, or the evolution of specific malware families, and everything in between.
We’re looking for passionate, creative individuals who live and breathe the following topic areas:
- Developing collection and tracking techniques to identify new threat actors and campaigns, monitoring the activity of known actors, and producing consumable indicators.
- Producing analytic content, detection concepts and signatures to detect malicious activity in log data, network traffic or on endpoints.
- Delivering reports and presentations based on research into emerging threats, and sharing your findings with customers, or with the public via blogs, conference presentations etc.
- Researching and developing new tools and scripts to continually update or improve our threat intelligence automation processes, collection methods and analytical capability.
If you’re interested in tackling international espionage, uncovering criminal activity & tracking hacktivists – we’re keen to talk to you. We expect you will already be able to demonstrate experience in one or more of the following areas:
∙ Development and curation of APT and targeted attack intrusion sets along with campaign research and tracking experience.
∙ Participation in analysis surges to renew and further develop our knowledge of new and existing threat actors.
∙ Supporting the incident response lifecycle by providing threat intelligence support to active investigations and IR teams.
∙ Malware reverse engineering expertise in order to identify and classify new samples, understand C2 protocols and functional capability.
∙ Strong knowledge of scripting languages such as Python, Perl or PowerShell and their use in automation of collection and management of intel indicators.
∙ Strong expertise with Maltego, including custom transforms, and its use in mapping out intrusion sets.
∙ Developing analytic content, detection concepts and signatures to detect malicious activity across an IT estate, such as Suricata, OpenIOC or YARA rules.
∙ Ability to apply a robust analytical methodology to support your conclusions in relation to specific threat actors, and an ability to rationalise and articulate your conclusions.
∙ Solid understanding of network protocols, attack lifecycles and actor tradecraft.
∙ Experience of gleaning and analysing security information about an actor’s tradecraft from enterprise network and host-based sensors, such as IDS/IPS, HIDS, SIEMs, Active Directory domain controllers and firewalls.
∙ An interest in maintaining and growing a strong network of contacts within the threat intelligence industry.
∙ Knowledge of open source or commercial platforms, tools and frameworks used within threat intelligence teams, such as threat intelligence platforms, sandboxes etc.
We’re looking for someone with:
∙ An unrelenting passion for finding bad actors;
∙ A strong desire to learn and willingness to share knowledge;
∙ The ability to manage time, prioritise tasks and work under tight deadlines;
∙ The ability to work independently with little supervision, but integrate well into teams;
∙ The ability to suggest creative but practical solutions to complex technical problems; and
∙ Exceptional analytical and technical aptitude.
The skills we look for in future employees
All our people need to demonstrate the skills and behaviours that support us in delivering our business strategy. This is important to the work we do for our business and our clients. These skills and behaviours make up our global leadership framework, ‘The PwC Professional’, and comprise five core attributes: whole leadership, technical capabilities, business acumen, global acumen and relationships.
Learn more here www.pwc.com/uk/careers/experienced/apply
We work in a changing world which offers great opportunities for people with diverse backgrounds and experiences. We seek to attract and employ the best people from the widest talent pool, as well as those who reflect the diverse nature of our society, and we aim to encourage a culture where people can be themselves and be valued for their strengths. Creating value through diversity is what makes us strong as a business, and as an organisation with an increasingly agile workforce we're open to flexible working arrangements where appropriate.
Learn more here www.pwc.com/uk/diversity