Incident Response Manager

TN United Kingdom

London

On-site

GBP 60,000 - 100,000

Full time

22 days ago

Job summary

An established industry player is seeking a skilled professional to join their Incident and Threat Operations team. This role involves performing high-quality technical analysis during cyber security incidents, managing client engagements, and mentoring team members. You will collaborate with various technical teams to deliver comprehensive incident response capabilities and contribute to the development of detection strategies. If you have a robust understanding of digital forensics, enterprise security operations, and a passion for solving complex technical problems, this opportunity is perfect for you. Join a dynamic environment where your expertise will make a significant impact on clients' security posture.

Qualifications

  • Hands-on experience with digital forensics and incident response.
  • Ability to explain technical findings to non-technical audiences.
  • Experience in training and mentoring team members.

Responsibilities

  • Perform technical analysis during cyber security incidents.
  • Manage client engagements and act as the key contact.
  • Collaborate with PwC's Cyber Security practice.

Skills

Digital Forensics
Technical Incident Response
Enterprise Security Operations
EDR/SIEM Solutions
Cloud Services (AWS, Azure, GCP)
Problem-Solving
Mentoring and Training

Job description

Our Incident and Threat Operations services are central to this. We support PwC’s clients in crisis across our global network to respond, remediate, and recover from a wide variety of cyber attacks. We also support clients in developing detection engineering and threat hunting strategies for modern SecOps environments, and engineer automation and orchestration playbooks to streamline detection and response activities. We design playbooks for investigation, response, and recovery.

We are assured by the UK NCSC under its Enhanced Cyber Incident Response scheme to respond to sophisticated attacks on networks of national significance. Recent incidents we have responded to include human-operated ransomware attacks on some of the world’s largest corporations, and APT intrusions at NGOs. Our investigation work spans cyber crime, corporate espionage, and state-affiliated threat actors.

Our Incident and Threat Operations practice works closely alongside many of our other front-line technical teams to deliver an end-to-end incident response capability to clients, including our global threat intelligence team, threat hunting team, and ethical hacking practice. We also work with PwC’s dedicated crisis coordination team to provide support at all levels of client organizations.

Responsibilities

  1. Perform high-quality technical analysis, helping our clients understand what happened during a cyber security incident or data breach. Produce high-quality output in various formats, from daily update briefs to full technical investigation reports.
  2. Support technical activities such as behavioral detection content creation to support SecOps modernisation and orchestration engagements.
  3. Work alongside client teams and ensure risk is managed appropriately throughout the project lifecycle, following PwC’s processes for client and engagement acceptance.
  4. Manage client engagements: act as the key point of contact for client technical teams, set daily direction for PwC’s technical teams, and be accountable for the technical excellence of our delivery.
  5. Provide mentoring and oversight to the incident response practice to help the team grow and develop.
  6. Collaborate and build relationships with PwC’s wider Cyber Security practice, sharing insights gained from incident responses and helping other teams win and deliver work.
  7. Participate in PwC’s global incident response community to support knowledge sharing, practice development, and collaboration with global colleagues. Assist other PwC teams, including crisis, external audit, and eDiscovery, with cyber subject matter expertise.

This role is for you if you have the following experience

  • A robust understanding of, and recent hands-on experience with, two or more of the following: digital forensics and technical incident response; enterprise security operations capabilities and tooling; addressing detection coverage in EDR/SIEM solutions for ATT&CK TTP gaps; enterprise IT networks and Active Directory; and cloud services such as Microsoft, Azure, GCP, and AWS.
  • A keen eye for detail and the ability to solve challenging technical problems. The capability to explain your technical findings to diverse audiences, including non-technical individuals. An understanding of threat actors and techniques used to compromise organizations.
  • The ability to build relationships with colleagues, PwC members, and clients. Experience in training and mentoring team members in technical and soft skills.
  • Familiarity with, or experience delivering, incident readiness and preparedness services, such as tabletop exercises, threat briefings, incident playbooks or runbooks, and capability gap analysis.
  • Acting as investigation lead for small to medium-sized cyber incidents, overseeing team work, scoping solutions for clients, and leading responses to client requirements.