Cybersecurity Manager (SOC and IR)

Line of Service

Advisory

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Manager

Job Description & Summary

We believe that challenges are best solved together. That’s why, when you join us, you become part of a diverse and global community of problem-solvers. You'll find an unexpected mix of people who bring their unique expertise to build trust in society and tackle important issues. Here, we welcome and encourage you to lead with value and inspiration, question and challenge assumptions, as well as embrace new opportunities to deliver quality outcomes in exciting and unexpected ways, all with the support of technology.

About the team

A career in our Information Privacy Protection practice, within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. You’ll play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.

Our team helps organisations safeguard critical assets by identifying, prioritising, and protecting sensitive or high value business assets. In joining, you’ll focus on conducting privacy, security, and identity theft prevention assessments to build a privacy roadmap for our clients that can be integrated into a global privacy compliance and risk framework.

About the role

•  As a experienced Manager for the PwC SEAC Incident Response team, you will manage all aspects of a security engagement from inception to completion.  
•  Lead end-to-end Threat Response function, including developing the team's incident response capabilities        
• You will develop and present accurate and timely deliverables to customers outlining appropriate technical solutions, next steps, and accurate conclusions. 
• When not responding to breaches, you will conduct enterprise threat hunting, help clients develop incident response plans, facilitate tabletop exercises as well as provide other strategic security services related to incident response. 
• Lead end-to-end Threat Response function, including developing the team's incident response capabilities  
• Possess a strong ability to evaluate and improve the effectiveness of incident response and security policies and programs in use. 
• Lead and mentor the Security Operations Centre (SOC) team.  
• Oversee 24/7 monitoring, incident handling, and threat intelligence analysis.  
• Foster a culture of continuous learning and professional growth within the SOC team. 

About you

You will need the following security consulting and professional skill:

• Demonstrated ability to work with and advise senior and executive level clients regarding strategic and tactical processes of Incident Response. 

• Strong ability to communicate with customers of varying technical levels. 

• Advanced understanding of information security governance concepts, including familiarity with elements of cyber security incident response plans, incident response management, and lifecycle. 

• Ability to gauge maturity level of an organization’s incident response program by applying industry best practices, while being cognizant of an organization’s industry, size, budget, and threat profile. 

• Accurately assess and evaluate client’s needs, propose an appropriate and applicable service, and clearly communicate the solution to the customer. 

• A strong understanding of attacker methodologies, attack lifecycle, Cyber Kill Chain, etc. 

• Ability to communicate technical findings & concepts to key stakeholders. 

• Capable of working independently as well as providing leadership on internal projects and client engagements. 

• Experience managing technical security projects either as a consultant or internal security practitioner. 

• A practical understanding of network protocols, network devices, computer security devices, secure architecture & system administration in support of computer forensics & network security operations. 

• Experience with assessing and developing enterprise-wide policies and procedures for IT risk mitigation and incident response. 

• Working experience with virtualization environments 

• Experience in Windows, Mac, and Unix operating systems. 

• Proficient in writing cohesive reports for a technical and non-technical audience. 

• Experience in malware analysis

Required Technical and Professional Expertise 
 

• Examine and analyze available client internal policies, processes, and procedures to determine patterns and gaps at both strategic and tactical levels. Recommend appropriate course of action to support maturing the client’s incident response program and cyber security posture. 
• Experience with planning, scoping, and delivering technical and/or executive level tabletop exercises, with a focus on either tactical or strategic incident response processes. Ability to incorporate current trends and develop custom scenarios applicable to a client. 
• Take initiative, manage tasks, and be accountable for outcomes 
• Diverse understanding of cyber security related vulnerabilities, common attack vectors, and mitigations. 
• Develop strategic level incident response plans as well as tactical-focused playbooks. 
• Manage tasks and coordinate work streams during incident response investigations.  
• Conducting forensic investigations and analysis in support of cyber incidents that are reported 
• Provide evidence, perform data collection, documentation, and structured analysis of forensic data and and present the findings to business users. 
• Perform triage and conduct thorough examinations of all types of digital media within client environment 
• Experience with cloud platforms like AWS, GCP & Azure. 
• Forensically analyze both Windows & Unix systems for evidence of compromise. 
• Proficiency with industry standard forensic tools such as EnCase, FTK, X-Ways, Sleuthkit, UFED. 
• Perform log analysis locally and via SIEM/log aggregation tool. 
• Hunt threat actors in large enterprise networks and cloud environments. 
• Experience in Endpoint Detection & Response (EDR) tools such as MS Defender Cortex, Carbon Black, CrowdStrike  
• Analyze and/or decipher packet captures from network protocol analyzers (Wireshark, TCPdump, etc). 
• Familiarity with Active Directory, Exchange and Office365 applications and logs, tools and techniques required to analyze & reverse diverse protocols and data traversing a network environment. 
• Conducts advanced computer, mobile device and network forensic investigations relating to various forms of compromises, including unauthorized access, theft of information and denial of service attacks. 
• Conduct forensics analysis leveraging forensics technologies, such as memory capturing, network forensic capturing, and capturing of data at rest, to collect evidence and presents results for determination of violation based on the details of the request. 
• Employ best practices and forensically sound principles such as evidence handling and chain of custody. 

Education (if blank, degree and/or field of study not specified)

Degrees/Field of Study required:

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills

Optional Skills

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Not Specified

Available for Work Visa Sponsorship?

Yes

Government Clearance Required?

Yes

Job Posting End Date