Incident Response Manager
  • United Kingdom Reading
  • PwC UK
31.12.2023
Protect and Defend
Incident Response
Job Description

PwC is a market-leading provider of cyber security services to major organisations worldwide. Our global team of cybersecurity professionals includes former law enforcement officials, forensic investigators, intelligence analysts, data scientists, malware analysts, legal professionals and industry leaders in cybersecurity and privacy. We are rated as a leader by multiple industry analysts for Global, EMEA and Asia-Pacific Cybersecurity Consulting services. Our Cyber Incident Response practice is central to this. Our team supports PwC’s clients in crisis across our global network to respond to, remediate and recover from cyber attacks. The technical work we conduct helps clients to understand how an incident occurred and how to respond effectively. We also assist clients to prepare (before incidents) and recover (after incidents) through a variety of complementary technical services. We are accredited by the UK National Cyber Security Centre under the Cyber Incident Response scheme to respond to sophisticated attacks on networks of national significance. Recent incidents we have responded to include human-operated ransomware attacks on some of the world’s largest corporations, and state-sponsored intrusions at NGOs. Our investigation work spans cyber crime, corporate espionage and state-affiliated threat actors. Our Cyber Incident Response practice works closely alongside many of our other front-line technical teams to deliver an end-to-end incident response capability to clients, including our global threat intelligence team, our threat hunting team and our ethical hacking practice. We also work with PwC’s dedicated crisis coordination team to provide support to clients at all levels of their organisations.

Experience

We’re looking for passionate and motivated incident responders at Principal Analyst (Manager) level to join our rapidly growing team. Our team members have a strong technical understanding of how to respond to cyber attacks, and help our clients across the whole lifecycle, from preparation to investigation and remediation.

You Will Ideally Have Skills & Experience Such As

  • A robust understanding of, and recent hands-on experience with:
      • digital forensics and technical incident response;
      • enterprise security operations capabilities and tooling;
      • enterprise IT networks and Active Directory; and
      • cloud services such as Microsoft 365, Azure, GCP, and AWS.
  • A keen eye for detail, and the ability to solve challenging technical problems.
  • The capability to explain your technical findings to a variety of audiences, including non-technical individuals.
  • An understanding of threat actors and the techniques used to compromise organisations.
  • The ability to build relationships with colleagues, other members of PwC and our clients.
  • Familiarity with, or experience delivering, incident readiness and preparedness services, such as tabletop exercises, threat briefings, incident playbooks or runbooks, and capability gap analysis.
  • Acting as the investigation lead for small to medium-sized cyber incidents, including overseeing the work of other team members.
  • Scoping solutions for clients, for both preparatory and emergency work, and leading the response to client requirements.
  • Training and mentoring other team members in both technical and soft skills.

Responsibilities

  • Perform high-quality technical analysis, helping our clients to understand what happened during a cyber security incident or data breach.
  • Produce high-quality output in a variety of formats, from daily update slides to full technical investigation reports.
  • Work closely with clients to understand their needs and build lasting relationships.
  • Contribute to capability development (including helping further improve our cloud-based analysis platform), proposition development and thought leadership initiatives.
  • Work alongside client teams and ensure we manage risk appropriately throughout the project lifecycle, following PwC’s processes for client and engagement acceptance.
  • Manage client engagements: acting as the key point of contact for client technical teams, setting daily direction for PwC’s technical teams, and being accountable for the technical excellence of our delivery.
  • Provide mentoring and oversight to the incident response practice to help the team grow and develop.
  • Collaborate and build relationships with PwC’s wider Cyber Security practice, sharing insights gained from responding to incidents and helping other teams win and deliver work.
  • Play a role in PwC’s global incident response community to support knowledge sharing and practice development, and to pursue opportunities in collaboration with global colleagues.
  • Assist other PwC teams, including crisis, external audit and eDiscovery, with cyber subject matter expertise.

Risk

Risk is all around us and, in our complex world, is changing all the time. Our teams bring people from diverse backgrounds together, using their skills and cutting-edge technology, to help solve complex problems. We are pioneers in a world of changing risk, and our market-leading services build resilient organisations. Join us and together we can support our clients to rethink risk.

Not the role for you?

Did you know PwC offers flexible career arrangements and contract work?

The Skills We Look For

The PwC Professional is our global framework for defining and encouraging leadership at all levels.

The Deal

‘The Deal’, our firmwide Employee Value Proposition, empowers our people to be the best they can be.

Our commitment to you

We’re committed to building a culture that empowers all of our people to thrive and feel a sense of belonging at PwC.

Application support

If you’re a person with a disability, if you’re neurodivergent, or if you have a condition that you believe may affect your performance during our selection process, we’ll be happy to make reasonable adjustments to our processes for you.


Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0021   Knowledge of data backup and recovery.
  • K0026   Knowledge of business continuity and disaster recovery continuity of operations plans.
  • K0058   Knowledge of network traffic analysis methods.
  • K0062   Knowledge of packet-level analysis.
  • K0230   Knowledge of cloud service models and how those models can limit incident response.
  • K0259   Knowledge of malware analysis concepts and methodologies.

Required Skills
  • S0079   Skill in protecting a network against malware (e.g., NIPS, anti-malware, restricting/preventing external devices, spam filters).
  • S0173   Skill in using security event correlation tools.
  • S0365   Skill to design incident response for cloud service models.

Required Abilities
  • A0121  Ability to design incident response for cloud service models.
  • A0128  Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.