Junior Threat Analyst

Job Description & Summary

You'll be joining a growing team at PwC responsible for the development and delivery of threat research and intelligence services provided by PwC across the globe, ranging from ad-hoc technical analysis to long term campaign tracking and reporting. As part of the role, you'll also be working hand in hand with our incident response practice while they investigate intrusions, with our hunt and monitoring teams to develop signatures and detection techniques for the latest attackers TTPs, and with customers facing everything from FIN7 to APT28. In this role you will track nation state and organised crime actors targeting PwC's global client base. You could be involved in monitoring C2 infrastructure for an actor, targeted attack activity in a specific region, or the evolution of specific malware families, and everything in between. 

Responsibilities 

• Track new threat actors and campaigns, monitor the activity of known actors by using all source intelligence. 
• Production of analytic content, detection concepts and signatures to detect malicious activity. 
• Delivering reports and presentations based on research into emerging threats, and sharing your findings with customers, or with the public via blogs, conference presentations etc. 
• Researching and developing new tools and scripts to continually update or improve our threat intelligence automation processes, collection methods and analytical capability. 
• Participate in analysis surges to renew and further develop our knowledge on new and existing threat actors. 
• Supporting an incident response lifecycle, to provide threat intelligence support to active investigations and IR teams. 

Skills and Experience 

If you're interested in tackling international espionage, uncovering criminal activity & tracking hacktivists – we're keen to talk to you. We expect you will already be able to demonstrate experience and knowledge in one or more of the following areas: 

• Experience with collecting, processing, and analysing information from multiple sources, documenting the results and providing actionable intelligence. 
• Ability to apply an analytical methodology to support your conclusions in relation to specific threat actors, and an ability to rationalise and articulate your conclusions in written reports. 
• Knowledge of open source or commercial platforms, tools and frameworks used within threat intelligence teams, such as threat intelligence platforms, sandboxes etc. 
• Development and curation of APT and targeted attack intrusion sets along with campaign research and tracking experience. 
• Knowledge of common threat actors and their tactics, techniques, and procedures (TTPs). 
• Malware reverse engineering knowledge in order to identify and classify new samples, understand C2 protocols and functional capability. 
• Knowledge of scripting languages such as Python, Perl or PowerShell and their use in automation of collection and management of intel indicators. 
• Developing analytic content, detection concepts and signatures to detect malicious activity across an IT estate, such as Suricata, OpenIOC or Yara rules. 
• Experience analysing security information from enterprise network and host based sensors, such as IDS/IPS systems, HIDS, SIEMs, AD controllers and firewalls.