
Endpoint Detection Engineering Manager

Category Technology - Experienced
  • London
  • Birmingham
  • Glasgow
  • Cardiff
  • Edinburgh
  • Manchester


Job ID 577937WD
Contract Type Full time
Line Of Service Risk
JOB DESCRIPTION

About the role

PwC’s Global Threat Intelligence practice is seeking a detection engineer and threat hunter with a passion and aptitude for developing behavioural techniques and analytics that detect adversary activity in enterprise IT networks.

The team focuses on identifying novel intrusion techniques and tracking several hundred threat actors, ranging from organised crime groups to state-affiliated espionage actors, originating from more than 25 countries.

What your days will look like:

Joining the detection engineering team within PwC’s Global Threat Intelligence practice, you will lead research and engineering efforts for novel blue team and threat hunting techniques with endpoint, cloud and network telemetry, and develop and refine our bespoke detection content libraries for XDR solutions (such as Microsoft Defender XDR, Palo Alto Networks Cortex XDR and Tanium Threat Response) and intrusion detection systems (such as Suricata). You will work closely with threat research and incident response teams investigating attacker activity in the wild, red teams seeking to develop new techniques, and managed services teams deploying your content into client environments, where you will also work with telemetry for testing purposes.

Roles and responsibilities:

  • Work closely with our threat intelligence analysts to build detection coverage for techniques leveraged by the threat actors that the Global Threat Intelligence team tracks

  • Utilize self-driven approaches, leveraging OSINT reporting as well as threat hunting in XDR and SIEM platforms to identify new opportunities for detection content

  • Build automations and integrations which interface with XDR, SIEM and EDR products to facilitate evaluation of content in development as well as onboarding of production detection content with PwC’s clients

  • Find opportunities to drive efficiency in detection rule production through automating repetitive tasks and identifying workflow improvements

  • Provide defender-oriented perspectives to threat intelligence analysis and reporting, advising on mitigations, detections and other defensive measures to action identified threat actor techniques

  • Engage with cyber advisory functions across the PwC network (such as managed cyber defense, incident response and red team functions) on utilizing detection content and occasionally advise clients on best practices for threat hunting & detection

This role is for you if:

  • You have strong experience writing and tuning detection rules that are deployed at scale in an enterprise network setting, either within an organization or in a managed SOC environment

  • You have strong familiarity with operating system internals, in particular for Windows, including installation, persistence, enumeration and authentication mechanisms

  • You have experience working with version control systems (git), associated collaborative review processes and build pipeline technologies (e.g. Google CloudBuild, Jenkins, CircleCI, GitHub Actions)

  • You have experience responding to security incidents with a demonstrated understanding of how defenders respond to security breaches and mitigate threats

  • You have high familiarity with the MITRE ATT&CK framework and how it maps to threat intelligence research and detections

  • You have robust awareness of the current cyber threat landscape, including current threat actors both financially motivated and APTs, as well as key malware families and trends in threat actor techniques

  • You are proficient in writing Python code to best-practice production standards for command-line applications, build pipelines and interfacing with APIs


Our commitment to you
We’re committed to building an inclusive culture that empowers all of our people to thrive and feel a sense of belonging at PwC. We seek to attract talented people from different backgrounds with diverse perspectives who can bring innovation and creativity.
Our offer to you
‘The Deal’ is our firmwide Employee Value Proposition, which clearly sets out what you can expect from your experience at the firm both professionally and personally, including our approach to hybrid working, and what we expect from you in return.
Pay and benefits
As part of our overall deal we offer you a competitive package.
Application support
We make recruitment and workplace adjustments wherever needed and practical, so please let us know in your application if there’s anything that will enable you to demonstrate your skills.