PwC (pwc.com)
Job details:
At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In cybersecurity incident management at PwC, you will focus on effectively responding to, and mitigating, cyber threats, maintaining the security of client systems and data. You will be responsible for identifying, analysing, and resolving security incidents to minimise potential damage and protect against future attacks.
Driven by curiosity, you are a reliable, contributing member of a team. In our fast-paced environment, you are expected to adapt to working with a variety of clients and team members, each presenting varying challenges and scope. Every experience is an opportunity to learn and grow. You are expected to take ownership and consistently deliver quality work that drives value for our clients and success as a team. As you navigate through the Firm, you build a brand for yourself, opening doors to more opportunities.
Skills
Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:
- Apply a learning mindset and take ownership for your own development.
- Appreciate diverse perspectives, needs, and feelings of others.
- Adopt habits to sustain high performance and develop your potential.
- Actively listen, ask questions to check understanding, and clearly express ideas.
- Seek, reflect, act on, and give feedback.
- Gather information from a range of sources to analyse facts and discern patterns.
- Commit to understanding how the business works and building commercial awareness.
- Learn and apply professional and technical standards (e.g. refer to specific PwC tax and audit guidance), uphold the Firm's code of conduct and independence requirements.
Role Overview
TDR Operations Experienced Associate (India) L3 Job Description
PwC is seeking an experienced and technically strong L3 Threat Detection & Response (TDR) Analyst to serve as a senior escalation point within the Cyber Managed Services Security Operations Center (SOC). This role is responsible for advanced threat detection, complex incident response, threat hunting, detection engineering, and mentoring L1/L2 analysts.
The L3 analyst plays a critical role in improving detection capabilities, enhancing client security posture, and driving continuous capability development across SOC operations.
Basic Qualifications
- Minimum Degree Required: Bachelor’s Degree
- Minimum Years of Experience: 3 to 5 years
- Certification(s) Preferred: GSEC, GCDA, SEC+, Network+, Security+, Certified Incident Handler (GCIH), Certified Intrusion Analyst (GIAC), CCNA-Security, CEH, CISSP, CTIA
Preferred Knowledge/Skills: Demonstrates knowledge, leadership, and/or a proven record of success in the following areas:
- Networking and applying Network Principles (including the OSI Model, TCP/IP, DNS, HTTP, SMTP), System Administration, and Security Architecture
- Applying Incident Response Frameworks and Handling Procedures
- Threat Hunting/Threat Intelligence (Hypothesis and IOC)
- SIEM/SOAR Engineering and Administration
- Malware Analysis (Static and Dynamic)
- Fluency with the cyber-attack lifecycle and/or the tactics, techniques, and procedures of threat actors
- Information security, compliance, assurance, and/or other security best practices and principles
- Possessing and fostering an inquisitive mindset amongst team members
Core Roles & Responsibilities
- Advanced Threat Detection & Incident Response
  - Act as the primary escalation point for L2 analysts and manage complex, high-severity incidents
  - Lead deep-dive investigations across SIEM, EDR, Email Security, DLP, IAM, Network, and Cloud platforms
  - Perform advanced log correlation and root cause analysis
  - Drive containment, eradication, and recovery efforts aligned with IR frameworks
  - Conduct post-incident reviews and recommend detection improvements
  - Handle cross-functional and client escalations beyond L2 scope
- Threat Hunting & Threat Intelligence
  - Conduct proactive threat hunting based on hypotheses and intelligence inputs
  - Develop and operationalize IOCs and behavioral detection strategies
  - Map threats to the MITRE ATT&CK framework
  - Identify stealthy attack patterns and reduce dwell time
  - Produce threat intelligence briefings for clients and leadership
- Detection Engineering & SIEM Use Case Development
  - Lead alert tuning reviews to reduce false positives and improve detection fidelity
  - SIEM content development: write advanced queries (KQL, SPL, etc.) and create and customize detection rules, alerts, dashboards, and reports within a Security Information and Event Management (SIEM) system to identify security threats and anomalies effectively.
  - This includes defining use cases, writing correlation rules, tuning event filters, and integrating threat intelligence to improve incident detection and response.
  - Effective content development requires in-depth knowledge of security threats, log sources, and organizational environments to ensure relevant and actionable alerts with minimal false positives.
- Threat Detection Platform Management
  - Oversee management and optimization of detection platforms including:
    - SIEM (Splunk, MS Sentinel)
    - EDR (Defender, CrowdStrike, SentinelOne, Cortex XDR)
    - Email Security (Proofpoint, O365)
    - SOAR (XSOAR, Phantom)
  - Ensure log source onboarding and data quality validation
  - Drive automation playbooks and response orchestration
  - Support platform health monitoring and performance improvements
- Technical Leadership & Capability Development
  - Provide technical training and mentorship to L1/L2 analysts
  - Lead knowledge-sharing sessions and technical workshops
  - Develop SOC playbooks, SOPs, and investigation runbooks
  - Foster an inquisitive and analytical mindset within the team
  - Support skill uplift initiatives and capability maturity
- Policy, Governance & Compliance
  - Support policy management and governance alignment
  - Ensure adherence to incident handling standards and risk management processes
  - Align detection controls with compliance frameworks (NIST, ISO 27001, etc.)
  - Contribute to audit responses and control validation
- Client Relationship Management & Reporting
  - Provide executive-ready reporting and incident summaries
  - Lead technical discussions during client review calls
  - Translate technical findings into business-impact language
  - Support SLA adherence and operational governance meetings
  - Act as a trusted advisor to client security leadership
- Continuous Improvement
  - Stay updated on emerging threats, exploits, and vulnerabilities
  - Research new attack vectors and detection methodologies
  - Recommend enhancements in tools, automation, and workflows
  - Support innovation initiatives within Cyber Managed Services
Tools Experience
- SIEM: Splunk, Microsoft Sentinel, SentinelOne, XSIAM
- EDR: Defender, CrowdStrike, SentinelOne, Cortex XDR
- SOAR: Palo Alto XSOAR, Splunk SOAR, or D3 SOAR
- Email Security: Proofpoint, O365
- DLP, IAM, Proxy tools, Network Security Devices
- Cloud security monitoring platforms