
This job has expired


Endpoint Detection Engineering Manager

Employer
PwC
Location
London (Greater)
Salary
Competitive
Closing date
6 Sep 2022


Salary band
Competitive
Contract type
Permanent
Hours
Full Time
Where will they be working?
Hybrid - mostly office

Job Details

PwC’s Global Threat Intelligence and Detection Engineering practice is seeking a technical endpoint detection engineer and threat hunter who has a passion and aptitude for developing behavioural techniques and analytics to detect adversary behaviour in enterprise IT networks.

The team focuses on the identification of novel intrusion techniques and tracking of several hundred threat actors, ranging from organised crime groups to state affiliated espionage actors, originating from more than 25 countries.

It is responsible for the development and delivery of technical and strategic threat research and intelligence services and provides:

  • Subscription behavioural threat hunting content and intelligence research to public and private sector clients globally;

  • Intelligence support to, and collection from, incident response and managed threat hunting teams;

  • Insight to our adversary emulation team on novel tools and techniques used by cyber threat actors; and,

  • Access to cutting edge research to inform and underpin all services provided by PwC’s several thousand strong cyber security consulting practice.

As a detection engineer within PwC’s Global Threat Intelligence practice you will lead research and engineering efforts for novel blue team and threat hunting techniques with endpoint telemetry, and develop and refine a bespoke content library for EDR solutions such as Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR and Tanium. You will work closely with threat research and incident response teams investigating attacker activity in the wild, red teams seeking to develop new techniques, and managed services teams deploying your content into client environments, where you will also work with telemetry for testing purposes.

Responsibilities and experience

If you’re interested in developing detection content and analytical techniques to combat state sponsored espionage, human operated ransomware intrusions and insider threats, we’re keen to talk to you. We expect you will already be able to demonstrate experience in several of the following areas:

  • Supporting the generation of analytic content, detection concepts, and host based detection methods.

  • Developing and documenting behavioural detection content for EDR solutions.

  • Testing and tuning of detection content in production environments to ensure robustness.

  • Deep technical understanding of MITRE ATT&CK and its use in mapping detection coverage.

  • Familiarity with common detection content grammars, such as Sigma or Yara, and their use in standardising cross-platform detection capability.

  • Threat hunting principles, techniques and real-world application in enterprise IT environments.

  • Managing custom content in large-scale EDR deployments.

  • Understanding of network intrusion lifecycles and actor tradecraft.

  • Proactively analysing malware behaviour, attacker tools, and newly discovered techniques for new detection opportunities.

  • The use of automation or orchestration techniques to streamline the investigation of alerts or minimise false positives.

  • Researching and developing new tools and scripts to continually update or improve our threat detection automation processes, collection methods and analytical capability.

  • A detailed understanding of the Windows operating system, Active Directory, and associated security events and telemetry.

  • Improving the level of logging or telemetry from enterprise IT environments in order to maximise the potential for behavioural detection content to be applied.

  • Delivering reports and presentations based on research into emerging threats, communicating your findings with adjacent teams and clients, or with the public or security community via blogs, conference presentations etc.

Desirable but non essential skills

  • Experience developing, mentoring or training junior staff.

  • Experience with incident response techniques in enterprise or cloud environments.

  • Experience using version control systems and CI/CD pipelines.

  • Experience in Python scripting.


Risk
Risk is all around us and, in our complex world, is changing all the time. Our teams bring people from diverse backgrounds together, using their skills and cutting-edge technology, to help solve complex problems. We are pioneers in a world of changing risk and our market leading services build resilient organisations. Join us and together, we can support our clients to rethink risk.


Not the role for you?
Did you know PwC offers flexible career arrangements and contract work?

The skills we look for
The PwC Professional is our global framework for defining and encouraging leadership at all levels.

The Deal
‘The Deal’, our firmwide Employee Value Proposition, empowers our people to be the best they can be.

Our commitment to you
We’re committed to building a culture that empowers all of our people to thrive and feel a sense of belonging at PwC.

Application support
If you’re a person with a disability, if you’re neurodivergent, or if you have a condition that you believe may affect your performance during our selection process, we’ll be happy to make reasonable adjustments to our processes for you.

Company

Our values define how we do things. And our purpose is why we exist - now more than ever - to build trust in society and solve important problems for our clients and our communities. In a world we no longer recognise, we need to rely on the strength and agility of our people to help us to navigate these uncertain times.

We're committed to ensuring that care and our people's wellbeing remains central to our culture. While we may not know what’s ahead, we can do all we can to help shape the future. As we continue to navigate this unprecedented time, it’s important that we support our people, to help them take care of themselves and to ensure the right support is available when it’s needed.

For now, we ask you to join our talent network and stay in touch with what’s happening in real time, including new possibilities as they arise. Visit our website for more information on how we’re responding to this pandemic and what changes we’re making to our recruitment process. 

Stay safe and stay connected in this rapidly changing world.

PwC

Opportunities are at the heart of a career with us. Opportunities for you to sharpen your skills, collaborate with experts, build lasting relationships and make an impact in a place where people, quality and value mean everything.

Our offer to you...

  • Be part of the world’s leading professional services network and enjoy the benefits that come with that.

  • Meet and collaborate with highly talented people from diverse backgrounds, developing new ways of thinking, creating value for you, for PwC and for our clients.

  • Work in a challenging and stimulating environment where you’ll be inspired to reach your full potential.

  • Identify and develop your skills, build on your existing strengths and discover new ones you didn’t know you had. Watch your expertise and influence grow with us.

 

The PwC deal

No matter which area of the business you choose to join, all offer the same deal. The opportunity to grow as an individual, to meet new people, and build lasting relationships that will stay with you for life. All whilst making an impact in a place where people, quality, and value, mean everything. Your hard work will be rewarded with a competitive salary and a personally tailored benefits package.

 

What you need to bring to us

Your intellect, willingness to learn, and ability to build relationships and put yourself in others’ shoes, while always making a positive impact with our clients and each other.

The skills, insights and connections you develop at PwC are career defining wherever your career may take you. It’s the opportunity of a lifetime. Take it.

 

 
