Vulnerability Management & Secops | Analyst/Associate

PwC Argentina

Buenos Aires

On-site

ARS 6.500.000 - 9.750.000

Full-time

8 days ago

Vacancy description

A leading consulting firm in Buenos Aires seeks a Cybersecurity L1 Analyst responsible for monitoring security events, initial incident triage, and providing operational support. This role requires 1-3 years of experience in cybersecurity or IT operations and a basic understanding of key security tools. Successful candidates will demonstrate strong communication, analytical thinking, and problem-solving skills. The position plays a crucial role in ensuring effective security operations in a dynamic environment.

Training

  • Proven ability to follow documented procedures accurately.
  • Basic familiarity with cybersecurity fundamentals.

Responsibilities

  • Monitor SIEM dashboards and perform initial incident triage.
  • Support IAM operational activities and execute provisioning tasks.
  • Document daily activities and maintain logs for audit purposes.

Skills

Communication skills
Analytical thinking
Problem-solving

Education

1-3 years of experience in cybersecurity or IT operations
Basic understanding of SIEM, EDR, IAM, VM, or ITSM tools
Working knowledge of operating systems and networks
Job description
Job Description & Summary

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data.

As a cybersecurity generalist at PwC, you will focus on providing comprehensive security solutions and experience across various domains, maintaining the protection of client systems and data. You will apply a broad understanding of cybersecurity principles and practices to address diverse security challenges effectively.

Driven by curiosity, you are a reliable, contributing member of a team. In our fast-paced environment, you are expected to adapt to working with a variety of clients and team members, each presenting varying challenges and scope. Every experience is an opportunity to learn and grow. You are expected to take ownership and consistently deliver quality work that drives value for our clients and success as a team. As you navigate through the Firm, you build a brand for yourself, opening doors to more opportunities.

Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:

  • Apply a learning mindset and take ownership for your own development.
  • Appreciate diverse perspectives, needs, and feelings of others.
  • Adopt habits to sustain high performance and develop your potential.
  • Actively listen, ask questions to check understanding, and clearly express ideas.
  • Seek, reflect, act on, and give feedback.
  • Gather information from a range of sources to analyse facts and discern patterns.
  • Commit to understanding how the business works and building commercial awareness.
  • Learn and apply professional and technical standards (e.g. refer to specific PwC tax and audit guidance), uphold the Firm's code of conduct and independence requirements.

The Cybersecurity L1 Analyst / Associate is the first line of defense in cybersecurity operations, responsible for initial monitoring, triage, basic troubleshooting, and escalating issues appropriately across security domains—including Threat Detection & Response (TDR), Identity & Access Management (IAM), Vulnerability Management (VM), and Security Operations (SecOps).

This role ensures timely detection of anomalies, execution of standard operating procedures (SOPs), and support of day-to-day operational activities under the guidance of L2 and L3 teams.

The L1 Cybersecurity Analyst provides foundational operational support across security towers, executing monitoring, triage, documentation, and routine system maintenance. This role is essential for ensuring timely detection of threats, accurate escalation, and reliable functioning of cybersecurity tools and processes in a 24/7 environment.

  • Share and collaborate effectively with others, creating a positive team spirit.
  • Identify and make suggestions for improvements when problems and/or opportunities arise.
  • Validate data and analysis for accuracy and relevance.
  • Follow risk management and compliance procedures.
  • Communicate confidently in a clear, concise, and articulate manner - verbally and in written form.
  • Seek opportunities to learn about the wider economy alongside the business models/corporate governance and/or regulatory environment of our clients.
  • Uphold the firm's code of ethics and business conduct.
Required Skills & Qualifications
  • 1-3 years of experience in cybersecurity or IT operations (freshers with certification/training also considered).
  • Basic understanding of SIEM, EDR, IAM, VM, or ITSM tools.
  • Working knowledge of operating systems, networks, and cybersecurity fundamentals.
  • Strong communication, analytical thinking, and problem-solving skills.
  • Ability to follow documented procedures accurately and consistently.
Preferred Skills
  • Exposure to cloud platforms (Azure, AWS) or scripting (Python, PowerShell).
  • Understanding of MITRE ATT&CK, vulnerability scoring, threat intelligence.
  • Security certifications such as Security+, CEH, AZ-900, ITIL.
Key Responsibilities
  • Security Monitoring & Initial Incident Triage: Continuously monitor SIEM dashboards, EDR alerts, and security tools for potential security events; Perform initial validation, enrichment, and triage of alerts to determine severity and legitimacy; Escalate suspicious or confirmed incidents promptly to L2 or client teams per SOP; Execute containment actions only if pre-approved and documented.
  • Vulnerability Management Support: Run or monitor daily scan health, including scan failures, credential issues, and discovery schedule gaps; Review and update tagging, asset identification, and scanner hygiene activities; Validate obvious false positives or reassign support tickets as necessary; Monitor remediation ticket creation/routing in the ITSM system.
  • IAM Operational Activities: Execute manual provisioning tasks for enterprise applications (AD, SAP, JDE, Oracle) under supervision; Support certificate lifecycle operations by identifying upcoming expirations; Assist with SOP-driven IAM workflows across PAM, IGA, and Access Management.
  • Routine Application & System Maintenance: Perform daily operational checks for security tools across TDR, IAM, VM, and SecOps; Verify backups, job completions, ingestion status, and platform service availability; Perform basic break-fix troubleshooting following SOP guidelines; Complete user administration tasks (creation, updates, revocation) based on access policies.
  • Ticket Management & Queue Monitoring: Track open tickets, triage inbound requests, and ensure correct routing to relevant queues; Validate incomplete or misrouted tickets before escalating; Update tickets accurately with findings, timestamps, and actions taken.
  • Documentation & Knowledge Capture: Document daily activities, triage steps, case notes, and lessons learned; Maintain logs of troubleshooting activities to support audit and RCA work; Assist in updating SOPs, runbooks, quick reference guides, and knowledge articles.
  • Ad-Hoc Support Tasks: Execute ad-hoc search queries in SIEM or security tools as requested by L2/L3; Support onboarding, cross-training, and knowledge transfer sessions; Provide assistance during service disruptions or high-severity incidents.
  • Shift Support & Operational Discipline: Operate within a 24x7 or follow-the-sun model, ensuring timely handovers; Maintain shift logs, follow escalation paths, and adhere strictly to SLAs; Support L2/L3 teams during P1/P2 incidents with data collection and communication.
  • Communication & Collaboration: Communicate clearly and promptly with internal teams, documenting all interactions; Coordinate with IT, infrastructure, IAM, VM, and other cybersecurity teams as needed.
  • Continuous Learning & Skill Development: Actively pursue learning pathways to advance toward L2 responsibilities; Stay informed about basic cybersecurity threats, tools, and industry trends.
Additional application instructions
  • Understand the importance of correct information management
  • Knowledge of Information Security and Data Protection
  • Correct Information Security Management

All qualified applicants will receive consideration for employment at PwC without regard to ethnicity; creed; color; religion; national origin; age; disability; neurodiversity; sexual orientation; gender identity or expression; marital; or any other status protected by law. PwC is proud to be an inclusive organization and equal opportunity employer.

Travel Requirements

Not Specified

Job Posting End Date
