The role
PwC’s Global Threat Intelligence practice is seeking a detection engineer and threat hunter who has a passion and aptitude for developing behavioural techniques and analytics to detect adversary behaviour in enterprise IT networks.
The team focuses on the identification of novel intrusion techniques and the tracking of several hundred threat actors, ranging from organised crime groups to state-affiliated espionage actors, originating from more than 25 countries.
What your days will look like:
Joining the detection engineering team within PwC’s Global Threat Intelligence practice, you will lead research and engineering efforts for novel blue team and threat hunting techniques with endpoint, cloud and network telemetry, and develop and refine our bespoke detection content libraries for XDR solutions (such as Microsoft Defender XDR, Palo Alto Networks Cortex XDR and Tanium Threat Response) and intrusion detection systems (such as Suricata). You will work closely with threat research and incident response teams investigating attacker activity in the wild, red teams seeking to develop new techniques, and managed services teams deploying your content into client environments, where you will also work with telemetry for testing purposes.
Roles and responsibilities:
1. Work closely with our threat intelligence analysts to build detection coverage for techniques leveraged by the threat actors that the Global Threat Intelligence team tracks
2. Utilize self-driven approaches, leveraging OSINT reporting as well as threat hunting in XDR and SIEM platforms to identify new opportunities for detection content
3. Build automations and integrations which interface with XDR, SIEM and EDR products to facilitate evaluation of content in development as well as onboarding of production detection content with PwC’s clients
4. Find opportunities to drive efficiency in detection rule production through automating repetitive tasks and identifying workflow improvements
5. Provide defender-oriented perspectives to threat intelligence analysis and reporting, advising on mitigations, detections and other defensive measures to action identified threat actor techniques
6. Engage with cyber advisory functions across the PwC network (such as managed cyber defense, incident response and red team functions) on utilizing detection content and occasionally advise clients on best practices for threat hunting & detection
This role is for you if:
1. You have strong experience writing and tuning detection rules that are deployed at scale in an enterprise network setting, either within an organization or in a managed SOC environment
2. You have strong familiarity with the internals of operating systems, such as installation, persistence, enumeration and authentication mechanisms, in particular for Windows
3. You have experience working with version control systems (git), associated collaborative review processes and build pipeline technologies (e.g. Google Cloud Build, Jenkins, CircleCI, GitHub Actions)
4. You have experience responding to security incidents with a demonstrated understanding of how defenders respond to security breaches and mitigate threats
5. You have strong familiarity with the MITRE ATT&CK framework and how it maps to threat intelligence research and detections
6. You have robust awareness of the current cyber threat landscape, including current threat actors, both financially motivated groups and APTs, as well as key malware families and trends in threat actor techniques
7. You are proficient in writing Python code to best-practice production standards for command-line applications, build pipelines and interfacing with APIs