Listing Description
PwC’s Global Threat Intelligence team is seeking technical intelligence analysts who have a passion and aptitude for stopping malicious activity and cyber crime in its tracks.
PwC’s Global Threat Intelligence practice focuses on the identification of novel intrusion techniques and tracking of several hundred threat actors, ranging from organised crime groups to state affiliated espionage actors, originating from more than 25 countries.
The practice is responsible for the development and delivery of technical and strategic threat research and intelligence services and provides:
- Subscription and bespoke research services to public and private sector intelligence clients globally;
- Intelligence support to, and collection from, incident response and managed threat hunting teams;
- Insight to our adversary emulation team on novel tools and techniques used by cyber threat actors; and,
- Access to cutting edge research to inform and underpin all services provided by PwC’s several thousand strong cyber security consulting practice.
As a technical analyst within PwC’s Global Threat Intelligence practice you’ll delve into threat actor campaigns and incident response cases relevant to PwC’s vast client base which spans more than 150 countries and ranges from NGOs to the world’s largest corporates. You’ll develop a deep understanding of the tools and techniques used by threat actors, help our clients understand the threats they face, and enable them to better defend their networks. You could be involved in monitoring C2 infrastructure for an actor, targeted attack activity in a specific region, the evolution of specific malware families, and everything in between.
Responsibilities
If you’re interested in tackling international espionage, uncovering criminal activity & tracking hacktivists – we’re keen to talk to you. We expect you will already be able to demonstrate experience in one or more of the following areas:
- Developing collection and tracking techniques to identify new threat actors and campaigns, monitor the activity of known actors, and methodically attribute new activity from both open and closed data sources using a variety of bespoke, commercial and open source tools and systems.
- Participating in analysis surges to renew and further develop knowledge on new and existing threat actors.
- Applying a robust analytical methodology to support conclusions in relation to specific threat actors, and an ability to rationalise and articulate your conclusions.
- Understanding of network protocols, attack lifecycles and actor tradecraft.
- Supporting the generation of analytic content, detection concepts, and network- and host-based detection methods.
- Static and dynamic reverse engineering to identify and classify new samples, and to understand C2 protocols and functional capability.
- Researching and developing new tools and scripts to continually update or improve our threat intelligence automation processes, collection methods and analytical capability.
- Supporting incident response and Managed Cyber Defence teams with ad-hoc analysis requests, and organising the collection, processing and analysis of artifacts and indicators identified from client incidents.
- Supporting business-as-usual operations such as monitoring open sources for new information and responding to ad-hoc client RFIs.
- Delivering reports and presentations based on research into emerging threats, sharing your findings with clients, or with the public or security community via blogs, conference presentations etc.
Desirable but non essential skills
- An understanding of common analytical models and frameworks used in CTI, such as the Diamond Model, the Cyber Kill Chain, and the F3EAD cycle.
- Knowledge of open source and commercial platforms, tools and frameworks used within threat intelligence teams, including threat intelligence platforms, malware sandboxes, and reverse engineering tools such as Ghidra or IDA Pro.
- Experience with Maltego, including custom transforms, and its use in mapping out intrusion sets.
- Baseline knowledge of threat actors, attribution concepts, and high-profile cyber incidents.
- Expertise in Python; and,
- Competency in exploiting common intelligence datasets, including commercial repositories of information relating to malware and internet data (domain, IP, netflow, certificate tracking, etc.), and closed sources including incident response and other bespoke collection.
- Language skills - in particular Mandarin, Cantonese, Russian, or Persian/Farsi.
Listing Details
- Citizenship: Not Provided
- Incentives: Bonus
- Education: Not Provided
- Travel: Travel 25
- Telework: Optional Telecommute