Cybersecurity, Privacy and Forensics - Cyber Incident Response - Manager

Posted 16 Hours Ago
Be an Early Applicant
Boston, MA
Hybrid
100K-232K Annually
Senior level
Artificial Intelligence • Professional Services • Business Intelligence • Consulting • Cybersecurity • Generative AI
At PwC, our purpose is to build trust in society and solve important problems.
The Role
The Cyber Incident Response Manager will lead efforts to address critical cybersecurity challenges for clients, enhancing their threat detection and response capabilities. This role involves coaching team members, managing complex business issues, and utilizing a range of information to develop recommendations while fostering trusted client relationships.
Summary Generated by Built In

A career in our Cybersecurity, Privacy and Forensics will provide you the opportunity to solve our clients most critical business and data protection related challenges. You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resilency, response, and technical implementation activities. You will have access to not only the top Cybersecurity, Privacy and Forensics professionals at PwC, but at our clients and industry analysts across the globe. The Cyber Incident Response team focuses on supporting some of the world's largest brands by helping to enhance their threat detection and response capabilities in light of a dynamic threat environment. Every day we help our clients prevent, detect, and respond to advanced cyber attacks, technology disruptions, and insider threats by conducting root cause and intrusion investigations, proactive threat hunts, and by helping clients prepare, respond, and recover from external and internal threat actors. Our team partners with clients to help them understand the operational security controls needed to detect and prevent compromises. Additionally, as a core member of PwC's Global Threat Intelligence network we have real time insights into a diverse set of threat actors and are on the cutting edge of cybersecurity.
To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades/levels and in all lines of service. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.
As a Manager, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

  • Pursue opportunities to develop existing and new skills outside of comfort zone.
  • Act to resolve issues which prevent effective team working, even during times of change and uncertainty.
  • Coach others and encourage them to take ownership of their development.
  • Analyse complex ideas or proposals and build a range of meaningful recommendations.
  • Use multiple sources of information including broader stakeholder views to develop solutions and recommendations.
  • Address sub-standard work or work that does not meet firm's/client's expectations.
  • Develop a perspective on key global trends, including globalisation, and how they impact the firm and our clients.
  • Manage a variety of viewpoints to build consensus and create positive outcomes for all parties.
  • Focus on building trusted relationships.
  • Uphold the firm's code of ethics and business conduct.


Job Requirements and Preferences:
Basic Qualifications:
Minimum Degree Required:
Bachelor Degree
Required Field(s) of Study:
Computer and Information Science,Computer Applications,Computer Engineering,Forensic Science,Management Information Systems
Minimum Year(s) of Experience:
5 year(s)
Certification(s) Required:
GIAC including GCFA, GCFE, GREM, GNFA, GCCC, and/or GCIA.
Preferred Qualifications:
Degree Preferred:
Master Degree
Preferred Knowledge/Skills:
Demonstrates thorough abilities and/or a proven record of success in the following areas:

  • Applying incident handling processes including preparation, identification, containment, eradication, and recovery to protect enterprise environments;
  • Analyzing the structure of common attack techniques in order to evaluate an attacker's spread through a system and network, anticipating and thwarting further attacker activity;
  • Utilizing tools and evidence to determine the kind of malware used in an attack, including rootkits, backdoors, and Trojan horses, choosing appropriate defenses and response tactics for each;
  • Using memory dumps and memory analysis tools to determine an attacker's activities on a machine, the malware installed, and other machines the attacker used as pivot points across the network;
  • Acquiring infected machines and then detecting the artifacts and impact of exploitation through process, file, memory, and log analysis;
  • Analyzing a security architecture for deficiencies;
  • Recognizing and understanding common assembly-level patterns in malicious code, such as code injection, API hooking, and anti-analysis measures;
  • Deriving Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts;
  • Conducting in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012/2016;
  • Conducting in-depth forensic analysis of *Nix operating systems and media exploitation focusing on CentOS, RHEL, Solaris, AIX, HPUX, and Ubuntu/Debian;
  • Identifying artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, anti-forensics, and detailed system usage;
  • Hunting and responding to advanced adversaries such as nation-state actors, organized crime, and hacktivists;
  • Extracting files from network packet captures and proxy cache files, allowing follow-on malware analysis, or definitive data loss determinations;
  • Examining traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation;
  • Detecting and hunting unknown live, dormant, and custom malware in memory across multiple Windows systems in an enterprise environment;
  • Identifying and tracking malware beaconing outbound to its command and control (C2) channel via memory forensics, registry analysis, and network connections;
  • Targeting advanced adversary anti-forensics techniques like hidden and time-stomped malware, along with utility-ware used to move in the network and maintain an attacker's presence;
  • Using memory analysis, incident response, and threat hunting tools to detect hidden processes, malware, attacker command lines, rootkits, network connections, and more;
  • Tracking user and attacker activity second-by-second on the system via in-depth timeline and super-timeline analysis; and,
  • Identifying lateral movement and pivots within client enterprises, showing how attackers transition from system to system without detection.


Demonstrates thorough abilities and/or a proven record of success in the following areas:

  • Network Analysis, Memory Analysis, Endpoint Analysis, Cyber Incident Lifecycle, NIST 800-61; and,
  • Programming Languages such as Python, Perl, C/C++, C#, PowerShell, BASH, and Batch;


Demonstrates experience with at least two of the following tools including: X-Ways, Rekall, Volatility, EnCase, Remnux, IDA, Capture.Bat, RegShot, Radare, OllyDbg, Wireshark, Network Miner, NFdump, Tanium, CarbonBlack, CylancePROTECT, and PLASO/Log2Timeline, FireEye HX, and Crowdstrike;
Learn more about how we work: https://pwc.to/how-we-work
PwC does not intend to hire experienced or entry level job seekers who will need, now or in the future, PwC sponsorship through the H-1B lottery, except as set forth within the following policy: https://pwc.to/H-1B-Lottery-Policy.
All qualified applicants will receive consideration for employment at PwC without regard to race; creed; color; religion; national origin; sex; age; disability; sexual orientation; gender identity or expression; genetic predisposition or carrier status; veteran, marital, or citizenship status; or any other status protected by law. PwC is proud to be an affirmative action and equal opportunity employer.
The salary range for this position is: $100,000 - $232,000, plus individuals may be eligible for an annual discretionary bonus. For roles that are based in Maryland, this is the listed salary range for this position. Actual compensation within the range will be dependent upon the individual's skills, experience, qualifications and location, and applicable employment laws. PwC offers a wide range of benefits, including medical, dental, vision, 401k, holiday pay, vacation and more. To view our benefits at a glance, please visit the following link: https://pwc.to/benefits-at-a-glance

Top Skills

Cybersecurity

What the Team is Saying

Art
Brandon
Nishana
The Company
Richmond, Virginia
364,000 Employees
Hybrid Workplace
Year Founded: 1998

What We Do

We’re inspiring and empowering our people to change the world. Powered by the technology of today, you’ll work with diverse teams to build trust and create new client solutions in unexpected ways. The only way we can tackle the challenges of a fast-changing world is with people like you. Be a part of The New Equation.

Why Work With Us

Although we come from different backgrounds and cultures across the firm, our values are what we have in common. They capture our shared aspirations and expectations, and guide how we make decisions and treat others. We care for our people and are committed to inclusion, understanding and respect for all.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

PwC Teams

Team
Cloud and Digital Teams
Team
Strategic Alliances Teams
Team
Oracle Teams
About our Teams

PwC Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: Flexible
VA
Airzona
OH
MI
OH
Washington
Albany, NY
Atlanta, GA
Austin, TX
Baltimore, MD
Bentonville, AR
Birmingham, AL
Boston, MA
Buffalo, NY
Charlotte, NC
Chicago, IL
Chicago, IL
Cincinnati, OH
Columbia, SC
Columbus, OH
Company Office Image
Dallas, TX
Company Office Image
Denver, CO
Des Moines, IA
Detroit, MI
El Segundo, CA
Fairport, NY
Florham Park, NJ
Fort Worth, Texas
Greensboro, NC
Hartford, CT
Company Office Image
Houston, TX
Indianapolis, IN
Irvine, CA
Jacksonville, FL
Kansas City, MO
Las Vegas, NV
Little Rock, AR
Company Office Image
Los Angeles, CA
Louisville, KY
Melville, NY
Miami, FL
Milwaukee, Wisconsin
Minneapolis, MN
Montpelier, Vermont
Nashville, TN
New York, NY
Oklahoma City, OK
Philadelphia, PA
Pittsburgh, PA
Portland, OR
Raleigh, NC
Richmond, Virginia
Rosemont, IL
Sacramento, CA
Salt Lake City, Utah
San Antonio, Texas
San Diego, CA
Company Office Image
San Francisco, CA
Company Office Image
San Jose, CA
San Juan, Puerto Rico
Sarasota, FL
Seattle, WA
Sofia, BG
Spartanburg, SC
Springdale, AR
St Louis, MO
Stamford, CT
Tampa, FL
Tampa, FL
Company Office Image
Tampa, FL
Tulsa, OK
Washington, DC
Washington, District of Columbia
West Palm Beach, FL
Learn more

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account