Managed Cyber Defence - XSOAR Engineer

Cyber security is one of the defining topics of our age, and cyber risk represents one of the most significant strategic risks to PwC’s clients.  In a recent PwC survey it remains the top risk in the minds of CEO’s globally, with 91% of UK CEOs rating it as a significant concern.   Businesses are changing rapidly, facing disrupted supply chains, rapidly changing workforces and accelerating digital transformation on an unprecedented scale.

At PwC we help our clients transform, and our cyber security practice enables them to execute that transformation securely and to become more resilient to cyber security threats.  Our cyber security practice operates nationally, and serves clients holistically with both strategy, risk and governance advice, and with deep technical implementation and assurance expertise. 

As one of the largest cyber security specialist consulting practices in the UK, we have over 250 practitioners who range from business risk advisors who work with CEOs, CFOs and boards, to transformation specialists who execute major change programmes, to deep technical SMEs who help clients implement controls to secure their businesses from attack, and support them to respond when an attack occurs. 

Our practice is experiencing significant growth which is driven by demand from our clients for greater assistance in dealing with increasingly complex cyber security risks, and support in executing their change and growth agendas securely.  We believe helping our clients gain confidence in their digital future is essential to their growth, and as a result our cyber security practice is one of the key growth priorities of our firm. 

Our Managed Cyber Defence team provides a 24x7x365 security managed service to our clients, from hubs based in the UK & New Zealand. Our services include endpoint detection and response (EDR), network threat detection (NTD) as well as fully managed SOC & extended detection and response (XDR) services.

We partner with leading technology providers such as Palo Alto Networks and Google Cloud Security, and utilise the experience of our Threat Intelligence & Incident Response practices to create fully managed detection and response capabilities for our clients. 

The XSOAR DevOps Engineer role will primarily focus on developing and maintaining the Managed Cyber Defence detections and automations essential to delivery of the service, built on the Palo Alto Cortex XSOAR platform.  The DevOps team deploys and maintains the infrastructure used in the delivery of the service in addition to being instrumental in developing new capabilities.  

Within the role you will help in the cyber defence of complex, enterprise-wide digital security environments by providing strong technical input to the MCD teams  and supporting wider service functions in solving important client challenges. 

• Working alongside our Threat Detection Engineers to design response actions to newly created detection rules.

• Work closely with the SOC and Engineering teams to improve existing automations.

• Research and implement new playbooks that can be used within the SOC.

• Integrate new logging sources and build playbooks to properly triage and respond to security incidents while reducing the time needed to analyse each event.

• Document all system changes.

• Deploy and maintain and troubleshoot the XSOAR environment in GCP.

• Integrations with external environments including CRM systems, messaging such as Slack and Teams and CMDB systems.

• Working with the MCD team to deliver new service capabilities and functionality.

• Experience with Security Orchestration, Automation and Response (SOAR) tools and technologies (e.g. XSOAR/Demisto, Phantom, Sentinel etc.).

• Understanding of common SOC and SOAR processes and workflows.

• Experience with creating playbooks to respond to security incidents.

• Deploying and maintaining systems in GCP.

• Using scripting languages for automation (JavaScript, Python, PowerShell).

• Working experience and knowledge of Linux, Windows, Mac and Android operating systems.

• Using Automation tools such as Puppet and Terraform.

• Experience using Docker.

• Experience working with REST APIs, optionally SOAP.

• Knowledge of security frameworks including MITRE ATT&CK.

• The ability to work under pressure, demonstrating drive and a positive approach to work.

• Ability to learn and develop new skills whilst showing that you can prioritise work efficiently and productively and manage your time well.

• Recognises and embraces change, seeking opportunities to foster innovation and continuous improvement.

• Self-motivator, results and quality orientated, good organisational skills, attention to detail, positive helpful attitude. 

Our team is predominantly based in our Glasgow & Edinburgh offices, however our Managed Cyber Defence team is part of a wider national practice which serves clients globally.  As such we are willing to consider candidates to work based in our London or Cardiff offices.  Occasional travel to support client needs is typically expected; however we actively support and promote flexible and hybrid working consistent with business and client needs.

Our purpose as a cyber security practice is to help solve complex problems and build a secure digital society.  Within our practice, you will have the opportunity to broaden experience across industries, manage teams in delivering engagements at scale, build relationships with clients and senior groups, and be involved in big business changes.  

You’ll contribute to delivering cyber security to some of the world’s most iconic companies and brands, and to helping them to build their cyber defences, assure those defences and respond to incidents.  Working in cyber security at PwC will give you unparalleled breadth of experience, and insight into how a wide range of client businesses work.

You’ll work in a team where we mix a supportive and collaborative culture with a challenging and high performance one.  You’ll be rewarded for your contribution and impact in building our business and delivering on our purpose.

You’ll be supported to develop your career by an experienced and close-knit team of Partners and Directors who will invest in your career and experience and provide you with mentoring and coaching to transition to PwC and grow your career in our firm.

Risk
Risk is all around us and in our complex world, is changing all the time. Our teams bring people from diverse backgrounds together, using their skills and cutting-edge technology, to help solve complex problems. We are pioneers in a world of changing risk and our market leading services build resilient organisations. Join us and together, we can support our clients to rethink risk.

Not the role for you?
Did you know PwC offers flexible career arrangements and contract work? Learn more.

The skills we look for
The PwC Professional is our global framework for defining and encouraging leadership at all levels. Learn more.

The Deal
‘The Deal’, our firmwide Employee Value Proposition’ empowers our people to be the best they can be. Learn more.

Our commitment to you
We’re committed to building a culture that empowers all of our people to thrive and feel a sense of belonging at PwC. Learn more.

Application support
If you’re a person with a disability, if you’re neurodivergent, or if you have a condition that you believe may affect your performance during our selection process, we’ll be happy to make reasonable adjustments to our processes for you. Learn more.