Incident Response and Security Operations Consultant

Job Description

BackgroundPwC is a market leading provider of cyber security services to major organisations worldwide. Our global team of over 4,850 cybersecurity professionals includes specialised consultants, former law enforcement officials, forensic investigators,intelligence analysts, data scientists, legal professionals and industry leaders in cybersecurity and privacy. We are rated as a leader by multiple industry analysts for Global, EMEA and Asia-Pacific Cybersecurity Consulting services. Our multi-disciplinedCyber Incident Response (CIR) practice is central to this. Our team supports PwCs clients in crisis to prepare, respond and recover from cyber attacks, as well as reduce the risk of attacks by using the insights we have gained from being at the front-linesof investigating these attacks. Now is an exciting time to join the team and help shape and execute ambitious plans over the next 5 years. A key part of this will be increasing our capacity to help our clients prepare for and reduce the risk of attacks. Thisincludes working with our clients security operations teams to improve their ability to detect and respond to attacks, and with their IT teams to implement targeted technical improvements that increase "cost to the attacker".Our Cyber Incident Response practiceworks closely alongside many other of our front-line technical teams, including our global threat intelligence team, our Managed Cyber Defence threat hunting team and our ethical hacking practice. We also work with PwCs dedicated crisis coordination teamto provide support to clients at all levels of their organisations. ExperienceWe want team members with a strong technical understanding of how organisations can prevent, detect, assess and respond to cybersecurity threats and incidents, as well as how tobuild best of class incident response and security operations capabilities. We also want team members who will be passionate about developing and improving our technical consulting offerings using the insights gained from being at the front-lines of investigatingthese cyber attacks.You should have a proven ability to lead teams and projects to deliver improvements to security operations and incident response functions, across people, process and technology. You will have an in-depth understanding of the processes,techniques and tools used by security operations and incident response teams. We are also looking for team members with high levels of communication skills, as well as consulting and project management experience. You will also be able to easily flex betweenwork with both technical client stakeholders, such as SOC analysts, as well as senior stakeholders such as a Head of SOCs, Head of Cyber Security or CIO. You will ideally have experience such as:Developing cyber incident response plan, playbooks and processesthat allow security operations team to rapidly and effectively respond to incidents;Collaborating with incident response teams to plan and deliver targeted remediation activities after cyber security incidents; Designing prevention, detection and responsestrategies for organisations based on threat actor tools, techniques and procedures; Building effective security operations capabilities and using purple team engagements to tune and validate detection tooling;Working collaboratively with IT teams to remediatevulnerabilities identified through red team engagements, penetration testing and vulnerability scanning; Planning and coordination of large-scale security incident response, remediation and recovery efforts involving multiple parties and teams;Acting as thesubject matter expert or technical team lead for organisations in cyber crisis and data breach situations, and providing technical response strategy and execution support to enable them to successfully resolve, remediate, and recover from cyber security incidents.Arobust understanding of:The typical techniques used by attackers, ranging from criminal to state affiliated groups.Preventing and detecting common attacker techniques and the MITRE ATT&CK framework;Tuning and configuring cyber security tools, for example SIEMand EDR tooling;How enterprise IT networks, Active Directory and Azure AD operate.Responsibilities We are looking for passionate, motivated and experienced individuals that can lead our work helping clients prepare for and reduce the risk of attacks. As thisrole would be part of our multidisciplinary Cyber Incident Response practice, this role would also include assisting the wider team to help clients respond to cyber security incidents and to manage our profilo of cyber incident response retainers. Lead clientengagements across our incident response services portfolio to help clients prepare for and reduce the risk of attacks, acting as the key point of contact for senior client stakeholders, setting direction for the project teams, and being accountable for thetechnical excellence of our delivery, examples include:Assessing organisations ability to detect and respond to cyber attacks;Understanding organisations vulnerability to specific cyber security threats;Delivering remediation projects for clients who havehad cyber security incidents, and assisting plan cyber transformations;Testing and improving cyber incident response plans, runbooks and processes;Designing and implementing improvements to our clients detection tooling;Using purple teaming to tune and validatedetection capabilities; and,Implementing targeted improvements to increase cost to the attacker.Contribute to capability development, proposition development and thought leadership initiatives;Provide mentoring and oversight to the incident response practiceto help the team grow and develop;Collaborate and build relationships with PwCs wider Cyber Security practice, sharing insights gained from responding to incidents and helping other teams win and deliver work; Originate, cultivate and maintain relationshipswith existing and new clients, and support outreach and business development efforts in collaboration with other teams;Develop, enhance or refine the portfolio of incident response services in line with market trends, emerging threats, or opportunities forinnovation or market disruption;Support the execution of our business strategy and growing PwCs reputation in the cyber security market, for example by taking on responsibility for relationships with third parties such as technology alliance partners; and,Playa key role in PwCs global incident response community to support knowledge sharing, practice development and to pursue opportunities in collaboration with global colleagues..Risk Were a leading provider of trust in the digital world - in the eyes of ourpeople, our clients and our stakeholders. Todays business environment is different. More complex. More connected. Companies not only face new and unknown risks, but also new and untapped opportunities. Our team is at the forefront of this change, join usto be a p