PricewaterhouseCoopers Jobs

Job Information

PwC Cybersecurity - Incident and Breach Response, Senior Associate in Washington, District Of Columbia

Line of Service: Advisory

Specialty/Competency: Cybersecurity & Privacy

Industry/Sector: Not Applicable

Time Type: Full time

Government Clearance Required: No

Available for Work Sponsorship: Yes

Travel Requirements: Up to 40%

A career in our Incident and Crisis Management practice, within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. You’ll play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats. Our team helps organisations manage their controls over access to critical systems and assets during a crisis or an active cyber threat. As part of the team, you’ll help us develop controls to stay ahead of a crisis, but also help us maintain security and information risk by responding and remediating any current or future cyber threats.

To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.

As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

  • Use feedback and reflection to develop self awareness, personal strengths and address development areas.

  • Delegate to others to provide stretch opportunities, coaching them to deliver results.

  • Demonstrate critical thinking and the ability to bring order to unstructured problems.

  • Use a broad range of tools and techniques to extract insights from current industry or sector trends.

  • Review your work and that of others for quality, accuracy and relevance.

  • Know how and when to use tools available for a given situation and can explain the reasons for this choice.

  • Seek and embrace opportunities which give exposure to different situations, environments and perspectives.

  • Use straightforward communication, in a structured way, when influencing and connecting with others.

  • Able to read situations and modify behavior to build quality relationships.

  • Uphold the firm's code of ethics and business conduct.

Job Requirements and Preferences :

Basic Qualifications :

Minimum Degree Required :

Bachelor Degree

Required Fields of Study :

Computer and Information Science, Computer Applications, Computer Engineering, Forensic Science, Management Information Systems

Minimum Years of Experience :

3 year(s)

Certification(s) Required :

GIAC including GCFA, GCFE, GREM, GNFA, GCCC, and/or GCIA

Preferred Qualifications :

Degree Preferred :

Master Degree

Preferred Knowledge/Skills :

Demonstrates thorough abilities and/or a proven record of success in the following areas:

  • Applying incident handling processes including preparation, identification, containment, eradication, and recovery to protect enterprise environments;

  • Analyzing the structure of common attack techniques in order to evaluate an attacker's spread through a system and network, anticipating and thwarting further attacker activity;

  • Utilizing tools and evidence to determine the kind of malware used in an attack, including rootkits, backdoors, and Trojan horses, choosing appropriate defenses and response tactics for each;

  • Using memory dumps and memory analysis tools to determine an attacker's activities on a machine, the malware installed, and other machines the attacker used as pivot points across the network;

  • Acquiring infected machines and then detecting the artifacts and impact of exploitation through process, file, memory, and log analysis;

  • Analyzing a security architecture for deficiencies;

  • Recognizing and understanding common assembly-level patterns in malicious code, such as code injection, API hooking, and anti-analysis measures;

  • Deriving Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts;

  • Conducting in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012/2016;

  • Conducting in-depth forensic analysis of *Nix operating systems and media exploitation focusing on CentOS, RHEL, Solaris, AIX, HPUX, and Ubuntu/Debian;

  • Identifying artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, anti-forensics, and detailed system usage;

  • Hunting and responding to advanced adversaries such as nation-state actors, organized crime, and hacktivists;

  • Extracting files from network packet captures and proxy cache files, allowing follow-on malware analysis, or definitive data loss determinations;

  • Examining traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation;

  • Detecting and hunting unknown live, dormant, and custom malware in memory across multiple Windows systems in an enterprise environment;

  • Identifying and tracking malware beaconing outbound to its command and control (C2) channel via memory forensics, registry analysis, and network connections;

  • Targeting advanced adversary anti-forensics techniques like hidden and time-stomped malware, along with utility-ware used to move in the network and maintain an attacker's presence;

  • Using memory analysis, incident response, and threat hunting tools to detect hidden processes, malware, attacker command lines, rootkits, network connections, and more;

  • Tracking user and attacker activity second-by-second on the system via in-depth timeline and super-timeline analysis; and,

  • Identifying lateral movement and pivots within client enterprises, showing how attackers transition from system to system without detection.

Demonstrates thorough abilities and/or a proven record of success in the following areas:

  • Network Analysis, Memory Analysis, Endpoint Analysis, Cyber Incident Lifecycle, NIST 800-61; and,

  • Programming Languages such as Python, Perl, C/C++, C#, PowerShell, BASH, and Batch;

Demonstrates experience with at least two of the following tools including: X-Ways, Rekall, Volatility, EnCase, Remnux, IDA, Capture.Bat, RegShot, Radare, OllyDbg, Wireshark, Network Miner, NFdump, Tanium, CarbonBlack, CylancePROTECT, and PLASO/Log2Timeline, FireEye HX, and Crowdstrike.

All qualified applicants will receive consideration for employment at PwC without regard to race; creed; color; religion; national origin; sex; age; disability; sexual orientation; gender identity or expression; genetic predisposition or carrier status; veteran, marital, or citizenship status; or any other status protected by law. PwC is proud to be an affirmative action and equal opportunity employer.

For positions based in San Francisco, consideration of qualified candidates with arrest and conviction records will be in a manner consistent with the San Francisco Fair Chance Ordinance.

For positions in Colorado, visit the following link for information related to Colorado's Equal Pay for Equal Work Act: https://pwc.to/coloradoadvisoryseniorassociate .

DirectEmployers