Job description

Cyber Incident Response Senior Associate

Job Category:   Cybersecurity/Privacy
Line of Service:   Advisory
Location(s):   CA-Los Angeles|CA-San Francisco|GA-Atlanta|IL-Chicago|NY-New York
Travel Requirements:   81-100%
Level:   Senior Associate
Job ID:   106115BR
PwC/LOS Overview
PwC is a network of firms committed to delivering quality in assurance, tax and advisory services.

We help resolve complex issues for our clients and identify opportunities. Learn more about us at

At PwC, we develop leaders at all levels. The distinctive leadership framework we call the PwC Professional provides our people with a road map to grow their skills and build their careers. Our approach to ongoing development shapes employees into leaders, no matter the role or job title.

Are you ready to build a career in a rapidly changing world? Developing as a PwC Professional means that you will be ready to create and capture opportunities to advance your career and fulfill your potential. To learn more, visit us at

PwC Advisory helps our clients with their most challenging imperatives from strategy through execution. We combine the breadth of knowledge of over 48,000 global professionals with deep industry knowledge to deliver custom solutions for our clients. We work with the world's largest and most complex companies and understand the unique business issues and opportunities our clients face.

Job Description
As we aim to rapidly grow our Cybersecurity and Privacy practice, we are looking for consultants who are passionate about how strategy and technology can improve the role of cybersecurity, privacy and data protection in our digital world.

We are looking for consultants with extensive consulting, technological and industry experience who will help our clients solve their complex business issues from strategy through execution. A Cybersecurity and Privacy consulting career will provide the opportunity to grow and contribute to our clients' business issues every day, applying a collection of information and Cyber security capabilities, including security and privacy strategy and governance, IT risk, security testing, technology implementation/operations, and cybercrime and breach response.

Our Incident and Threat Management services help clients perform assessments and prepare for and respond to the tactical and strategic impacts of cybersecurity incidents. We assist in understanding the unique threats to clients’ organizations through analysis of the threat landscape; we also leverage government, law enforcement, and peer resources to more effectively combat threats through information-sharing opportunities such as ISAOs and information-sharing models.

Position/Program Requirements
Minimum Year(s) of Experience: 3

Minimum Degree Required: Bachelor's degree in Computer Science, Computer Engineering, Digital Forensics Sciences, or IT related fields.

Degree Preferred: Master's degree

Certification(s) Preferred: GIAC, including GCFA, GCFE, GREM, GNFA, GCCC, and/or GCIA.

Knowledge Preferred:

Demonstrates thorough abilities and/or a proven record of success in the following areas:
- Apply incident handling processes, including preparation, identification, containment, eradication, and recovery, to protect enterprise environments;
- Analyze the structure of common attack techniques in order to evaluate an attacker's spread through a system and network, anticipating and thwarting further attacker activity;
- Utilize tools and evidence to determine the kind of malware used in an attack, including rootkits, backdoors, and Trojan horses, choosing appropriate defenses and response tactics for each;
- Use memory dumps and memory analysis tools to determine an attacker's activities on a machine, the malware installed, and other machines the attacker used as pivot points across the network;
- Acquire infected machines and then detect the artifacts and impact of exploitation through process, file, memory, and log analysis;
- Analyze a security architecture for deficiencies;
- Recognize and understand common assembly-level patterns in malicious code, such as code injection, API hooking, and anti-analysis measures;
- Derive Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts;
- Conduct in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012/2016;
- Conduct in-depth forensic analysis of *Nix operating systems and media exploitation focusing on CentOS, RHEL, Solaris, AIX, HPUX, and Ubuntu/Debian;
- Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, anti-forensics, and detailed system usage;
- Hunt and respond to advanced adversaries such as nation-state actors, organized crime, and hacktivists;
- Extract files from network packet captures and proxy cache files, allowing follow-on malware analysis, or definitive data loss determinations;
- Examine traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation;
- Detect and hunt unknown live, dormant, and custom malware in memory across multiple Windows systems in an enterprise environment;
- Identify and track malware beaconing outbound to its command and control (C2) channel via memory forensics, registry analysis, and network connections;
- Target advanced adversary anti-forensics techniques like hidden and time-stomped malware, along with utility-ware used to move in the network and maintain an attacker's presence;
- Use memory analysis, incident response, and threat hunting tools to detect hidden processes, malware, attacker command lines, rootkits, network connections, and more;
- Track user and attacker activity second-by-second on the system via in-depth timeline and super-timeline analysis; and,
- Identify lateral movement and pivots within client enterprises, showing how attackers transition from system to system without detection.

Skills Preferred:

Demonstrates thorough abilities and/or a proven record of success in the following areas:
- Network Analysis, Memory Analysis, Endpoint Analysis, Cyber Incident Lifecycle, NIST 800-61;
- Programming languages such as Python, Perl, C/C++, C#, PowerShell, BASH, and Batch;
- Demonstrable experience with at least two of the following tools, including X-Ways, Rekall, Volatility, EnCase, Remnux, IDA, Capture.Bat, RegShot, Radare, OllyDbg, Wireshark, Network Miner, NFdump, GREP, Tanium, CarbonBlack, CylancePROTECT, and PLASO/Log2Timeline.
