CDandE - Cyber Security- Incident Response - Senior Associate - Bangalore

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In cybersecurity incident management at PwC, you will focus on effectively responding to, and mitigating, cyber threats, maintaining the security of client systems and data. You will be responsible for identifying, analysing, and resolving security incidents to minimise potential damage and protect against future attacks.

Focused on relationships, you are building meaningful client connections, and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isn’t clear, you ask questions, and you use these moments as opportunities to grow.

Skills

Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:

• Respond effectively to the diverse perspectives, needs, and feelings of others.
• Use a broad range of tools, methodologies and techniques to generate new ideas and solve problems.
• Use critical thinking to break down complex concepts.
• Understand the broader objectives of your project or role and how your work fits into the overall strategy.
• Develop a deeper understanding of the business context and how it is changing.
• Use reflection to develop self awareness, enhance strengths and address development areas.
• Interpret data to inform insights and recommendations.
• Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firms code of conduct, and independence requirements.
  
  

Preferred Knowledge/Skills

Demonstrates thorough abilities and/or a proven record of success in the following areas:

• Experience and familiarity with leading Endpoint Detection and Response tools (e.g. Defender, Carbon Black, Sentinel One, CrowdStrike)
• Understanding of either Microsoft Azure, AWS or Google Cloud; particularly around risk based authentication, privileged access management.
• Understanding of key IT infrastructure products, including Active Directory.
• Experience with securing Active Directory (AD) environments, including Group Policy configuration, permissions management, and best practices for identity and access control.
• Azure Active Directory Security: Proven experience with conditional access, multi-factor authentication, and securing hybrid identity environments.
• Identity & Access Management: Familiarity with Single Sign-On (SSO), identity federation, and lifecycle management for accounts and permissions.
• Office 365 (M365) Security: In-depth knowledge of Office 365 security features, including advanced threat protection, DLP, and compliance management.
• Familiarity with PowerShell scripting for automating O365 security configurations and audits.
• Analyzing the structure of common attack techniques in order to evaluate an attackers spread through a system and network, anticipating and thwarting further attacker activity;
• An understanding of common attack techniques performed by threat actors, including identity based attacks, choosing appropriate defenses and response technique for each.
• Applying incident handling processes including preparation, identification, containment, eradication, and recovery to protect enterprise environments;
• Acquiring infected machines and then detecting the artifacts and impact of exploitation throughlog analysis;
• Deriving and pivoting off of Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts;
• Identifying artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, anti-forensics, and detailed system usage;
• Hunting and responding to advanced adversaries such as nation-state actors, organized crime, and hacktivists;
• Detecting and hunting unknown live, dormant, and custom malware across multiple Operating Systems in an enterprise environment;
• Targeting advanced adversary anti-forensics techniques like hidden and time-stomped malware, along with utility-ware used to move in the network and maintain an attackers presence;
• Experience utilizing and contributing to knowledge management systems such as confluence as part of a technical team;-Tracking user and attacker activity second-by-second on the system via in-depth timeline and super- timeline analysis; and,
• Identifying lateral movement and pivots within client enterprises, showing how attackers from system to system without detection.
• Demonstrates thorough abilities and/or a proven record of success in the following areas:
• Network Analysis, Cyber Forensics Evidence Collection, Endpoint Analysis, Cyber Incident Lifecycle, NIST 800-61; and, Programming Languages such as Python, and PowerShell; Demonstrates experience with at least one of the following tools including: X-Ways, Rekall, Volatility, EnCase, Remnux, IDA, Capture.Bat, RegShot, Radare, OllyDbg, Wireshark, Network Miner, NFdump, SentinelOne, CarbonBlack, CylancePROTECT, and PLASO/Log2Timeline, FireEye HX, and Crowdstri
  

Minimum Degree Required

Bachelor Degree

Required Fields Of Study

Computer and Information Science, Computer Applications, Computer Engineering, Forensic Science, Management Information Systems

Certification(s) Preferred

GIAC including GCFA, GCFE, GREM, GNFA, GCCC, and/or GCIA

---