Cyber Incident Response Manager

About this role

Our Incident and Threat Operations services are central to this. We support PwC's clients in crisis across our global network to respond, remediate and recover from a wide variety of cyber attacks. We also support clients in developing detection engineering and threat hunting strategies for modern SecOps environments, and engineer automation and orchestration playbooks to streamline detection and response activities. We design playbooks for investigation, response, and recovery. We are assured by the UK NCSC under its Enhanced Cyber Incident Response scheme, to respond to sophisticated attacks on networks of national significance. Recent incidents we have responded to include human-operated ransomware attacks on some of the world's largest corporations, and APT intrusions at NGOs. Our investigation work spans cyber crime, corporate espionage and state affiliated threat actors. Our Incident and Threat Operations practice works closely alongside many other of our front-line technical teams to deliver an end to end incident response capability to clients, including our global threat intelligence team, our threat hunting team and our ethical hacking practice. We also work with PwC's dedicated crisis coordination team to provide support to clients at all levels of their organisations.

Responsibilities

• Perform high quality technical analysis, helping our clients to understand what happened during a cyber security incident or data breach.
• Produce high quality output in a variety of formats, from daily update briefs to full technical investigation reports.
• Support technical activities such as behavioural detection content creation in support of SecOps modernisation and orchestration engagements.
• Work alongside client teams and ensure we manage risk appropriately throughout the project lifecycle, following PwC's processes for client and engagement acceptance.
• Manage client engagements: acting as the key point of contact for client technical teams, setting daily direction for PwC's technical teams, and being accountable for the technical excellence of our delivery.
• Provide mentoring and oversight to the incident response practice to help the team grow and develop.
• Collaborate and build relationships with PwC's wider Cyber Security practice, sharing insights gained from responding to incidents and helping other teams win and deliver work.
• Play a role in PwC's global incident response community to support knowledge sharing, practice development and to pursue opportunities in collaboration with global colleagues.
• Assist other PwC teams including crisis, external audit and eDiscovery with cyber subject matter expertise.

This role is for you if you have the following experience

• A robust understanding of, and recent hands-on experience with two or more of the following: digital forensics and technical incident response; enterprise security operations capabilities and tooling; addressing detection coverage in EDR/SIEM solutions for ATT&CK TTP gaps; enterprise IT networks and Active Directory; and, cloud services such as Microsoft 365, Azure, GCP, and AWS.
• A keen eye for detail, and the ability to solve challenging technical problems.
• The capability to explain your technical findings to a variety of audiences, including non-technical individuals.
• An understanding of threat actors and techniques used to compromise organisations.
• The ability to build relationships with colleagues, other members of PwC and our clients.
• Training and mentoring other team members in both technical and soft skills.
• Familiarity with, or experience delivering, incident readiness and preparedness services, such as tabletop exercises, threat briefings, incident playbooks or runbooks, and capability gap analysis.
• Acting as the investigation lead for small to medium sized cyber incidents, including overseeing the work of other team members.
• Scoping solutions for clients, for both preparatory and emergency work, and leading the response to client requirements.