Incident Response and Security Operations Consultant

Background

PwC is a market leading provider of cyber security services to major organisations worldwide. Our global team of over 4,850 cybersecurity professionals includes specialised consultants, former law enforcement officials, forensic investigators, intelligence analysts, data scientists, legal professionals and industry leaders in cybersecurity and privacy. We are rated as a leader by multiple industry analysts for Global, EMEA and Asia-Pacific Cybersecurity Consulting services. 

Our multi-disciplined Cyber Incident Response (CIR) practice is central to this. Our team supports PwC’s clients in crisis to prepare, respond and recover from cyber attacks, as well as reduce the risk of attacks by using the insights we have gained from being at the front-lines of investigating these attacks. 

Now is an exciting time to join the team and help shape and execute ambitious plans over the next 5 years. A key part of this will be increasing our capacity to help our clients prepare for and reduce the risk of attacks. This includes working with our clients’ security operations teams to improve their ability to detect and respond to attacks, and with their IT teams to implement targeted technical improvements that increase “cost to the attacker”.

Our Cyber Incident Response practice works closely alongside many other of our front-line technical teams, including our global threat intelligence team, our Managed Cyber Defence threat hunting team and our ethical hacking practice. We also work with PwC’s dedicated crisis coordination team to provide support to clients at all levels of their organisations. 

Experience

We want team members with a strong technical understanding of how organisations can prevent, detect, assess and respond to cybersecurity threats and incidents, as well as how to build best of class incident response and security operations capabilities. 

We also want team members who will be passionate about developing and improving our technical consulting offerings using the insights gained from being at the front-lines of investigating these cyber attacks.

You should have a proven ability to lead teams and projects to deliver improvements to security operations and incident response functions, across people, process and technology. You will have an in-depth understanding of the processes, techniques and tools used by security operations and incident response teams. 

We are also looking for team members with high levels of communication skills, as well as consulting and project management experience. You will also be able to easily flex between work with both technical client stakeholders, such as SOC analysts, as well as senior stakeholders such as a Head of SOCs, Head of Cyber Security or CIO. 

You will ideally have experience such as:

• Developing cyber incident response plan, playbooks and processes that allow security operations team to rapidly and effectively respond to incidents;

• Collaborating with incident response teams to plan and deliver targeted remediation activities after cyber security incidents; 

• Designing prevention, detection and response strategies for organisations based on threat actor tools, techniques and procedures; 

• Building effective security operations capabilities and using purple team engagements to tune and validate detection tooling;

• Working collaboratively with IT teams to remediate vulnerabilities identified through red team engagements, penetration testing and vulnerability scanning; 

• Planning and coordination of large-scale security incident response, remediation and recovery efforts involving multiple parties and teams;

• Acting as the subject matter expert or technical team lead for organisations in cyber crisis and data breach situations, and providing technical response strategy and execution support to enable them to successfully resolve, remediate, and recover from cyber security incidents.

• A robust understanding of:

  • The typical techniques used by attackers, ranging from criminal to state affiliated groups.

  • Preventing and detecting common attacker techniques and the MITRE ATT&CK framework;

  • Tuning and configuring cyber security tools, for example SIEM and EDR tooling;

  • How enterprise IT networks, Active Directory and Azure AD operate.

Responsibilities 

We are looking for passionate, motivated and experienced individuals that can lead our work helping clients prepare for and reduce the risk of attacks. 

As this role would be part of our multidisciplinary Cyber Incident Response practice, this role would also include assisting the wider team to help clients respond to cyber security incidents and to manage our profilo of cyber incident response retainers. 

• Lead client engagements across our incident response services portfolio to help clients prepare for and reduce the risk of attacks, acting as the key point of contact for senior client stakeholders, setting direction for the project teams, and being accountable for the technical excellence of our delivery, examples include:

  • Assessing organisations’ ability to detect and respond to cyber attacks;

  • Understanding organisations’ vulnerability to specific cyber security threats;

  • Delivering remediation projects for client’s who have had cyber security incidents, and assisting plan cyber transformations;

  • Testing and improving cyber incident response plans, runbooks and processes;

  • Designing and implementing improvements to our clients detection tooling;

  • Using purple teaming to tune and validate detection capabilities; and,

  • Implementing targeted improvements to increase cost to the attacker.

• Contribute to capability development, proposition development and thought leadership initiatives;

• Provide mentoring and oversight to the incident response practice to help the team grow and develop;

• Collaborate and build relationships with PwC’s wider Cyber Security practice, sharing insights gained from responding to incidents and helping other teams win and deliver work; 

• Originate, cultivate and maintain relationships with existing and new clients, and support outreach and business development efforts in collaboration with other teams;

• Develop, enhance or refine the portfolio of incident response services in line with market trends, emerging threats, or opportunities for innovation or market disruption;

• Support the execution of our business strategy and growing PwC’s reputation in the cyber security market, for example by taking on responsibility for relationships with third parties such as technology alliance partners; and,

• Play a key role in PwC’s global incident response community to support knowledge sharing, practice development and to pursue opportunities in collaboration with global colleagues.

.

Risk
Risk is all around us and in our complex world, is changing all the time. Our teams bring people from diverse backgrounds together, using their skills and cutting-edge technology, to help solve complex problems. We are pioneers in a world of changing risk and our market leading services build resilient organisations. Join us and together, we can support our clients to rethink risk.

Not the role for you?
Did you know PwC offers flexible career arrangements and contract work? Learn more.

The skills we look for
The PwC Professional is our global framework for defining and encouraging leadership at all levels. Learn more.

The Deal
‘The Deal’, our firmwide Employee Value Proposition’ empowers our people to be the best they can be. Learn more.

Our commitment to you
We’re committed to building a culture that empowers all of our people to thrive and feel a sense of belonging at PwC. Learn more.

Application support
If you’re a person with a disability, if you’re neurodivergent, or if you have a condition that you believe may affect your performance during our selection process, we’ll be happy to make reasonable adjustments to our processes for you. Learn more.