PwC
Website:
pwc.com
Job details:
At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In cybersecurity incident management at PwC, you will focus on effectively responding to, and mitigating, cyber threats, maintaining the security of client systems and data. You will be responsible for identifying, analysing, and resolving security incidents to minimise potential damage and protect against future attacks.
Focused on relationships, you are building meaningful client connections, and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isn’t clear, you ask questions, and you use these moments as opportunities to grow.
Skills
Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:
- Respond effectively to the diverse perspectives, needs, and feelings of others.
- Use a broad range of tools, methodologies and techniques to generate new ideas and solve problems.
- Use critical thinking to break down complex concepts.
- Understand the broader objectives of your project or role and how your work fits into the overall strategy.
- Develop a deeper understanding of the business context and how it is changing.
- Use reflection to develop self awareness, enhance strengths and address development areas.
- Interpret data to inform insights and recommendations.
- Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements.
Cyber Data & Tech Risk Managed Services - TDR Operations Senior Associate L3 Job Description
Role Overview
PwC is seeking an experienced and technically strong L3 Threat Detection & Response (TDR) Analyst to serve as a senior escalation point within the Cyber Data & Tech Risk Managed Services Security Operations Center (SOC). This role is responsible for advanced threat detection, complex incident response, threat hunting, detection engineering, and mentoring L1/L2 analysts.
The L3 analyst plays a critical role in improving detection capabilities, enhancing client security posture, and driving continuous capability development across SOC operations.
Basic Qualifications
- Minimum Degree Required: Bachelor’s Degree
- Minimum Years of Experience: Five (5) or more
- Certification(s) Preferred: GSEC, GCDA, SEC+, Network+, Security+, Certified Incident Handler (GCIH), Certified Intrusion Analyst (GIAC), CCNA-Security, CEH, CISSP, CTIA
Preferred Knowledge/Skills
- Demonstrates knowledge, leadership, and/or a proven record of success in the following areas:
  - Networking and applying Network Principles (including the OSI Model, TCP/IP, DNS, HTTP, SMTP), System Administration, and Security Architecture
  - Applying Incident Response Frameworks and Handling Procedures
  - Threat Hunting/Threat Intelligence (Hypothesis and IOC)
  - SIEM/SOAR Engineering and Administration
  - Malware Analysis (Static and Dynamic)
  - Fluency with the cyber-attack lifecycle and/or the tactics, techniques, and procedures of threat actors
  - Information security, compliance, assurance, and/or other security best practices and principles
  - Possessing and fostering an inquisitive mindset amongst team members
Core Roles & Responsibilities
- Advanced Threat Detection & Incident Response
  - Act as the primary escalation point for L2 analysts and manage complex, high-severity incidents (TDR L3/L4 responsibilities)
  - Lead deep-dive investigations across SIEM, EDR, Email Security, DLP, IAM, Network, and Cloud platforms
  - Perform advanced log correlation and root cause analysis
  - Drive containment, eradication, and recovery efforts aligned with IR frameworks
  - Conduct post-incident reviews and recommend detection improvements
  - Handle cross-functional and client escalations beyond L2 scope
- Threat Hunting & Threat Intelligence
  - Conduct proactive threat hunting based on hypotheses and intelligence inputs
  - Develop and operationalize IOCs and behavioral detection strategies
  - Map threats to the MITRE ATT&CK framework
  - Identify stealthy attack patterns and reduce dwell time
  - Produce threat intelligence briefings for clients and leadership
- Detection Engineering & SIEM Use Case Development
  - Lead alert tuning reviews to reduce false positives and improve detection fidelity
  - SIEM content development: write advanced queries (KQL, SPL, etc.) and create and customize detection rules, alerts, dashboards, and reports within a Security Information and Event Management (SIEM) system to identify security threats and anomalies effectively
  - This includes defining use cases, writing correlation rules, tuning event filters, and integrating threat intelligence to improve incident detection and response
  - Effective content development requires in-depth knowledge of security threats, log sources, and organizational environments to ensure relevant and actionable alerts with minimal false positives
- Threat Detection Platform Management
  - Oversee management and optimization of detection platforms including:
    - SIEM (Splunk, MS Sentinel, Google SecOps)
    - EDR (Defender, CrowdStrike, SentinelOne, Cortex XDR)
    - Email Security (Proofpoint, O365)
    - SOAR (XSOAR, Phantom)
  - Ensure log source onboarding and data quality validation
  - Drive automation playbooks and response orchestration
  - Support platform health monitoring and performance improvements
- Technical Leadership & Capability Development
  - Provide technical training and mentorship to L1/L2 analysts
  - Lead knowledge-sharing sessions and technical workshops
  - Develop SOC playbooks, SOPs, and investigation runbooks
  - Foster an inquisitive and analytical mindset within the team
  - Support skill uplift initiatives and capability maturity
- Policy, Governance & Compliance
  - Support policy management and governance alignment
  - Ensure adherence to incident handling standards and risk management processes
  - Align detection controls with compliance frameworks (NIST, ISO 27001, etc.)
  - Contribute to audit responses and control validation
- Client Relationship Management & Reporting
  - Provide executive-ready reporting and incident summaries
  - Lead technical discussions during client review calls
  - Translate technical findings into business-impact language
  - Support SLA adherence and operational governance meetings
  - Act as a trusted advisor to client security leadership
- Continuous Improvement
  - Stay updated on emerging threats, exploits, and vulnerabilities
  - Research new attack vectors and detection methodologies
  - Recommend enhancements in tools, automation, and workflows
  - Support innovation initiatives within Cyber Managed Services
Tools Experience
- SIEM: Splunk, Microsoft Sentinel, Sentinelone, XSIAM, Google SecOps
- EDR: Defender, CrowdStrike, SentinelOne, Cortex XDR
- SOAR: Palo XSOAR, Splunk SOAR or D3 SOAR
- Email Security: Proofpoint, O365
- DLP, IAM, Proxy tools, Network Security Devices
- Cloud security monitoring platforms