Industry/Sector
Not Applicable
Specialism
Cybersecurity & Privacy
Management Level
Senior Associate
Job Description & Summary
A career in our Advisory Acceleration Centre is the natural extension of PwC's leading-class global delivery capabilities. We provide premium, cost-effective, high-quality services that support process quality and delivery capability in support of client engagements.
To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional, our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.
As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include, but are not limited to:
- Use feedback and reflection to develop self-awareness and personal strengths, and address development areas.
- Delegate to others to provide stretch opportunities, coaching them to deliver results.
- Demonstrate critical thinking and the ability to bring order to unstructured problems.
- Use a broad range of tools and techniques to extract insights from current industry or sector trends.
- Review your work and that of others for quality, accuracy and relevance.
- Know how and when to use the tools available for a given situation, and be able to explain the reasons for this choice.
- Seek and embrace opportunities which give exposure to different situations, environments and perspectives.
- Use straightforward communication, in a structured way, when influencing and connecting with others.
- Be able to read situations and modify behavior to build quality relationships.
- Uphold the firm's code of ethics and business conduct.
Threat Hunter - CaaS
As a Threat Hunter (Senior Associate) within the Cyber as a Service (CaaS) practice, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. Responsibilities include, but are not limited to:
Required Qualifications:
- 4-9 years of experience in a technical role in the areas of Security Operations, Threat Intelligence, Incident Response or Penetration Testing/Red Team.
- At a minimum, a Bachelor's Degree in a relevant area of study, with a preference for Computer Science, Computer Engineering, Cybersecurity or Information Security.
- Knowledge and experience working with various SIEM, EDR, NDR and ticketing tools.
- Advanced knowledge of operating system internals and security mechanisms.
- Advanced knowledge and experience analyzing attacker techniques at all stages of a breach. Knowledge of MITRE ATT&CK and the Cyber Kill Chain is a must.
Roles & Responsibilities:
- Continuously search for signs of advanced threats and anomalies within the network and systems, even when no specific alerts or incidents have been triggered.
- Develop and execute proactive threat hunting queries, use cases or algorithms to identify potential security risks.
- Stay updated on the latest threat intelligence feeds, industry reports and emerging attack techniques.
- Analyze threat intelligence data to understand attacker tactics, techniques and procedures (TTPs) and Cyber Kill Chain (CKC) phases, and incorporate this knowledge into threat hunting activities.
- Investigate and analyze endpoints (computers, servers and devices) for suspicious activities and indicators of compromise (IoCs).
- Utilize endpoint detection and response (EDR) tools to gather telemetry data and perform in-depth analysis.
- Analyze network traffic and flow data to identify unusual patterns, unauthorized access and potential threats.
- Use network forensic tools and packet capture techniques to investigate network-based incidents, if available and required.
- Identify deviations from normal behavior by studying user and entity behavior analytics (UEBA) and applying anomaly detection methods, if applicable.
- Detect signs of lateral movement, privilege escalation and other MITRE ATT&CK tactics by monitoring user accounts and permissions.
- Analyze suspicious files or malware samples to understand their functionality and assess the level of threat they pose.
- Collaborate with the L2 analyst team to develop mitigation strategies based on malware analysis.
- Develop and maintain threat hunting playbooks or runbooks that outline standardized procedures and methodologies for conducting threat hunting activities.
- Collaborate with L1 and L2 analysts and other relevant teams to ensure a coordinated response to identified threats.
- Communicate findings and recommendations effectively to technical and non-technical stakeholders.
- Stay up to date with the latest threat landscape, attack vectors and cybersecurity technologies through ongoing research and professional development.
- Participate in knowledge-sharing initiatives within the threat hunting team to enhance collective expertise.
- Maintain detailed records of threat hunting activities, including findings, actions taken and outcomes.
- Prepare comprehensive reports on threat hunting results, including recommended actions and areas for improvement.
- Work with internal and client teams to develop and implement mitigation and remediation strategies to eliminate or contain identified threats.
- Provide guidance on improving security controls and reducing the attack surface based on threat hunting findings.
- Ensure adherence to established threat hunting processes and procedures.
- Identify opportunities for process improvement and contribute to the enhancement of threat hunting methodologies.
- Be available for on-call schedules, including evenings and weekends, to assist with critical and high-severity security incidents and escalations.
- Maintain composure and efficiency in high-pressure situations.
Experience & Skills:
- 4-9 years of experience in a technical role in the areas of Security Operations, Threat Intelligence, Cyber Incident Response or Penetration Testing/Red Team.
- Experience in SIEM technologies such as Azure Sentinel, Splunk, ArcSight, QRadar, Exabeam and LogRhythm.
- Experience and knowledge of EDR and NDR technologies such as Cortex XDR, CrowdStrike, Carbon Black, Cylance, Defender and Darktrace.
- Experience with ticketing systems such as ServiceNow and JIRA is considered a strong asset.
- Knowledge of operating system internals and OS security mitigations, and an understanding of security challenges on Windows, Linux, Mac, Android and iOS platforms.
- Experience and knowledge working with the Cyber Kill Chain model and the MITRE ATT&CK framework.
- CISSP and any one or more of the following GIAC certifications preferred: GCIA, GSOC, GMON, GCDA, GDAT, GCED, GCFE, GCFA, GNFA, GREM, GCLD.
- Ability to use data to tell a story; ability to communicate findings and recommendations effectively to technical and non-technical stakeholders.
- Experience and knowledge of scripting languages such as JavaScript, Python, PHP, Bash, PowerShell, etc. is an asset.
- Experience with reverse engineering, digital forensics and incident response (DFIR), or machine learning models is an asset.
- Experience with offensive security, including tools such as Metasploit, exploit development, Open Source Intelligence gathering (OSINT) and designing ways to breach enterprise networks, is an asset.
- Experience in security device management and multiple SIEM platforms.
- Proficient in the preparation of reports, dashboards and documentation.
- Excellent communication and leadership skills.
- Experience in performing vendor management.
- Ability to handle high-pressure situations with key stakeholders.
- Good analytical, problem-solving and interpersonal skills.
- A demonstrated commitment to valuing differences and working alongside diverse people and perspectives.
- Willing to work the US day shift (9 AM EST - 5 PM EST) / India night shift (7 PM IST to 3 AM IST), plus weekend support / on-call support.
Travel Requirements
0%
Job Posting End Date
Required Experience:
Senior IC