Listing Description
PwC is hiring dedicated developers for our Global Threat Intelligence practice to work on bespoke collection, automation and analysis platforms.
Our Global Threat Intelligence practice focuses on the identification of novel intrusion techniques and tracking of several hundred threat actors, ranging from organised crime groups to state affiliated espionage actors, originating from more than 25 countries.
The practice is responsible for the development and delivery of technical and strategic threat research and intelligence services and provides:
- Subscription and bespoke research services to public and private sector intelligence clients globally;
- Intelligence support to, and collection from, incident response and managed threat hunting teams;
- Insight to our adversary emulation team on novel tools and techniques used by cyber threat actors; and,
- Access to cutting edge research to inform and underpin all services provided by PwC’s several thousand strong cyber security consulting practice.
Our bespoke technology platforms and automation are important to our success as we continue to scale, ensuring that analysts have robust tools to collect and analyse data, and our clients have reliable access to intelligence products.
Responsibilities
- Develop a range of automated tools / systems, both to interface with third party APIs and to directly collect bespoke data for our threat intelligence team.
- Build and maintain a client facing REST API used by our customers to access PwC intellectual property, and associated technologies such as Slack bots.
- Build and maintain internal tools, systems and REST APIs used by the team, for example to publish and distribute finished intelligence reporting, and maintain internal databases of technical intelligence. Provide oversight, challenge and input to capability development, proposition development and thought leadership initiatives.
- Collaborate with other service owners (for instance managed security monitoring service owners) to support them in consuming our intelligence in their services in an automated fashion.
- Liaise with internal security teams during the development and launch of new technologies, ensuring we follow best practices and firmwide procedures.
- Contribute to internal documentation for both technical (devops) and non-technical (analyst, customer) audiences.
- Provide mentoring and oversight to other developers to help the team grow and develop.
- Help to grow PwC’s reputation in the cyber security market, building trusted relationships with external partners.
Experience
We’re looking for passionate and motivated developers to join our team and build the tools we use to streamline and automate data collection, analysis and reporting. You will ideally have knowledge and experience of the following:
- Liaising with users to collect requirements, prioritise tasks and plan development sprints — balancing development of new capability with maintenance of existing systems.
- Building, testing, deploying, and maintaining automation tools using modern development practices (Python and Golang).
- Building and maintaining REST APIs and web applications using Python / JS (Flask / FastAPI / AJAX).
- Using PaaS / IaaS components from cloud providers, such as Google Cloud Platform (GCP), including K8s / AppEngine.
- Integrating disparate systems and data sources into analytical platforms, or orchestrating actions via APIs across multiple systems.
- Using data storage solutions including MySQL / Elasticsearch / Datastore and analysis techniques including Cloud Dataflow and BigQuery (or equivalent).
- Deploying code using CI/CD, including the designing of pipelines and use of containers and appropriate security hardening for internet facing services.
- Documenting throughout the lifecycle of a project, both for end users and other developers.
- Debugging / Refactoring problems, including existing systems, to diagnose and fix issues that arise.
Desirable skills for this role include:
- Familiarity with the intelligence lifecycle, and mechanisms for collecting data safely, legally and ethically.
- Familiarity with common tools or platforms used in threat intelligence teams, such as malware sandboxes, threat intelligence platforms, visualisation and link analysis tools.
- Managing a small team of developers, aligned to the principles above, to achieve goals agreed with business needs.
Listing Details
- Citizenship: Not Provided
- Incentives: Bonus
- Education: Not Provided
- Travel: No Travel
- Telework: Optional Telecommute