Senior Associate : Digital Forensics / Incident Response

Summary: At PwC, our forensic services focus on identifying and preventing fraudulent activities, conducting investigations, and maintaining compliance with regulatory requirements. Individuals in this field play a crucial role in safeguarding organisations against financial crimes and maintaining ethical business practices.

Main purpose of the role

• Conduct incident and investigation post-mortem analysis, and reporting;
• Conduct forensic investigations including physical/logical disk, network packet capture, memory analysis, or malware analysis;
• Use EDR/XDR tools to triage and respond to cyber incidents;
• Plan, organise, and devise approaches necessary to respond to incidents and obtain useful forensic information from the evidence collected;
• Prioritise and differentiate between potential intrusion activity and false alarms;
• Provide technical guidance to investigations to correctly gather, analyse, and present digital evidence to both business and legal audiences;
• Collate conclusions and recommendations and present forensic findings to stakeholders;
• Contribute to the development of internal scripts and tools for incident response;
• Correlate threat intelligence with active attacks and vulnerabilities within the enterprise;
• Research and test new DFIR tooling and techniques;
• Provide incident response support services for client assignments; and
• Assist with crisis management and enhance incident response capabilities against emerging threats.

Skills and Experience

• Experience with forensic tools such as EnCase, X-Ways, SIFT, or FResponse;
• Knowledge of Windows internals and indicators of compromise using tools like SysInternals, RegRipper, Volatility, or Mandiant Redline;
• Experience analysing security information from enterprise sensors like IDS/IPS, HIDS, SIEMs, AD controllers, and firewalls;
• Proficiency in network forensics tools such as Wireshark, FireEye, Solera, SNORT, or NetWitness;
• Knowledge of offensive security, ethical hacking, and Threat Intelligence methodologies;
• Experience with enterprise EDR or investigative products like Tanium, Carbon Black, Mandiant MIR, CrowdStrike Falcon, or EnCase Cybersecurity;
• Scripting skills in Python, Perl, PowerShell, or other languages used in forensic analysis and incident response.

Qualifications

• B.Tech, BSc in Computer Science, BCom IT, or relevant qualifications;
• Industry-recognised certifications.

Experience

• 2-3 years’ experience in incident response and cybersecurity;
• Digital forensics experience is advantageous;
• Management and consulting experience are advantageous;
• Ability to derive insights from diverse data sets;
• Strong networking and general IT understanding;
• Basic scripting skills;
• Knowledge of ISO and NIST standards;
• Proactive, delivery-focused, and able to work under pressure;
• Planning, organising, and conflict management skills;
• Analytical, solutions-driven, flexible, and adaptable.

Drivers Licence: Essential. Own transport required.

Overtime: May be required to meet project deadlines.

Travel: Extensive travel within Gauteng and nationally; occasional international travel, sometimes at short notice.

Language

Fluent in English; additional languages are advantageous.