Salary Not Disclosed
1 Vacancy
Management Level
Senior Associate
Job Description & Summary
At PwC, our people in forensic services focus on identifying and preventing fraudulent activities, conducting investigations and maintaining compliance with regulatory requirements. Individuals in this field play a crucial role in safeguarding organisations against financial crimes and maintaining ethical business practices.
Focused on relationships, you are building meaningful client connections and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isn't clear, you ask questions, and you use these moments as opportunities to grow.
Examples of the skills, knowledge and experiences you need to lead and deliver value at this level include but are not limited to:
Main purpose of the role
Conduct incident and investigation post-mortem analysis and reporting;
Conduct forensic investigations, including physical/logical disk, network packet capture, memory analysis or malware analysis;
Use EDR/XDR tools to triage and respond to cyber incidents;
Plan, organise and devise approaches necessary to respond to incidents and obtain useful forensic information from the evidence collected;
Prioritising and differentiating between potential intrusion activity and false alarms;
Provide technical guidance to investigations to correctly gather, analyse and present digital evidence to both business and legal audiences;
Collate conclusions and recommendations and present forensics findings to stakeholders;
Contribute to the development of internal scripts and tools for incident response;
Correlate threat intelligence with active attacks and vulnerabilities within the enterprise;
Research and test out new DFIR tooling and techniques;
Provide incident response support services for client assignments; and
Assist with crisis management and driving the incident response capabilities to deal with emerging threats.
Skills and Experience
Experience in forensic capture and investigation tools such as EnCase, X-Ways, SIFT or F-Response;
Knowledge of Windows system internals and ability to identify common indicators of compromise from dead or live systems and live memory using tools such as the SysInternals suite, RegRipper, Volatility or Mandiant Redline;
Experience of gleaning and analysing security information from enterprise network and host-based sensors such as IDS/IPS systems, HIDS, SIEMs, AD controllers and firewalls;
Expertise analysing raw network traffic captures, or deployment and use of network forensics or monitoring devices such as FireEye, Solera, Wireshark, Snort or NetWitness;
Knowledge of offensive security and ethical hacking techniques, together with Threat Intelligence methodologies;
Consulting experience deploying and using enterprise EDR or investigative products such as Tanium, Carbon Black, Mandiant MIR, CrowdStrike Falcon or EnCase Cybersecurity (advantageous); and
Knowledge of scripting languages such as Python, Perl or PowerShell and their use in forensic analysis and live incident response, or experience using other programming languages to develop software for host-centric, network-centric or log-centric security analysis.
Qualifications
BSc Computer Science, BCom IT or other relevant qualifications.
Industry recognised certifications
Experience
Management Experience would be an advantage;
2-3 years' experience in incident response and/or cybersecurity;
Digital forensics experience would be an advantage; and
Consulting experience would be advantageous.
Key Competencies:
The ability to draw insights from diverse data sets to aid investigations;
Strong networking and general technical IT understanding;
Basic scripting;
Understanding of ISO and NIST standards
Pro-active and committed to delivery
Ability to perform under pressure
Planning and organising ability
Conflict management
Analytical and solutions driven
Flexible and adaptable to change
Report writing
Driver's Licence
Essential (Non-negotiable). Own transport is required.
Overtime
In some instances overtime will be required to meet project deliverables.
Travel
Extensive travel required in the Gauteng region and nationally. Occasional travel internationally. Further, given the nature of the role, travel could be at short notice.
Language
The incumbent must be fluent in English. Fluency in any other official language(s) would be advantageous.
Travel Requirements
Up to 20%
Available for Work Visa Sponsorship
No
Job Posting End Date
June 30 2025
Required Experience:
Senior IC
Full-Time