Incident Response Remediation Manager - Senior Manager

PwC is a market leading provider of cyber security services to major organisations worldwide. Our global team of over 4,850 cybersecurity professionals includes specialised consultants, former law enforcement officials, forensic investigators, intelligence analysts, data scientists, legal professionals and industry leaders in cybersecurity and privacy. We are rated as a leader by multiple industry analysts for Global, EMEA and Asia-Pacific Cybersecurity Consulting services.
Our multi-disciplined Cyber Incident Response (CIR) practice is central to this. Our team supports PwC's clients in crisis to prepare, respond and recover from cyber attacks, as well as reduce the risk of attacks by using the insights we have gained from being at the front-lines of investigating these attacks.
Now is an exciting time to join the team and help shape and execute ambitious plans over the next 5 years. A key part of this will be increasing our capacity to help our clients prepare for and reduce the risk of attacks. This includes working with our clients' security operations teams to improve their ability to detect and respond to attacks, and with their IT teams to implement targeted technical improvements that increase "cost to the attacker".
Our Cyber Incident Response practice works closely alongside many other of our front-line technical teams, including our global threat intelligence team, our Managed Cyber Defence threat hunting team and our ethical hacking practice. We also work with PwC's dedicated crisis coordination team to provide support to clients at all levels of their organisations.
Experience
We want team members with a strong technical understanding of how organisations can prevent, detect, assess and respond to cybersecurity threats and incidents, as well as how to build best of class Incident Response and security operations capabilities.
We also want team members who will be passionate about developing and improving our technical consulting offerings using the insights gained from being at the front-lines of investigating these cyber attacks.
You should have a proven ability to lead teams and projects in complex programs of transformation, or technical remediation of cyber incidents. You will have an in-depth understanding of cyber incidents and the technical remediation of systems with a particular focus on the Microsoft technology stack. You should also understand the processes, techniques and tools used by security operations and Incident Response teams
We are also looking for team members with high levels of communication skills, as well as consulting and project management experience. You will also be able to easily flex between work with both technical client stakeholders, such as SOC analysts, as well as senior stakeholders such as a Head of SOCs, Head of Cyber Security or CIO.
You will ideally have experience such as:

• Deep knowledge of the Microsoft technology stack with a particular focus on Active Directory and Azure Active Directory and an understanding of architecture and security engineering principles;
• Collaborating with Incident Response teams to plan and deliver targeted remediation activities after cyber security incidents;
• Working collaboratively with IT teams to remediate vulnerabilities identified through red team engagements, penetration testing and vulnerability scanning;
• Planning and coordination of large-scale security Incident Response, remediation and recovery efforts involving multiple parties and teams;
• Acting as the subject matter expert or technical team lead for organisations in cyber crisis and data breach situations, and providing technical response strategy and execution support to enable them to successfully resolve, remediate, and recover from cyber security incidents.
• A robust understanding of the typical techniques used by attackers, ranging from criminal to state affiliated groups and securing an IT system against common attacker techniques aligned to the MITRE ATT&CK framework;
• Developing cyber Incident Response plan, playbooks and processes that allow security operations team to rapidly and effectively respond to incidents;

Responsibilities
We are looking for passionate, motivated and experienced individuals that can lead our work helping clients contain and remediate following cyber incidents. You will be responsible for developing the capability in the team and driving future strategy, as well as assisting clients improve their cyber security through a range of services.
As this role would be part of our multidisciplinary Cyber Incident Response practice, this role would also include assisting the wider team to help clients respond to cyber security incidents.

• Lead client engagements across our Incident Response services portfolio to help clients remediate their environments following cyber incidents. Responsibilities will include acting as the key point of contact for senior client stakeholders, setting direction for the project teams, and being accountable for the technical excellence of our delivery. Example projects include:
  
  • Designing and implementing improvements to our clients detection tooling;
  • Setting roadmaps for future implementation of targeted improvements to increase cost to the attacker.
  • Assessing organisations' ability to detect and respond to cyber attacks;
  • Understanding organisations' vulnerability to specific cyber security threats;
  • Delivering remediation projects for clients who have had cyber security incidents, and assisting plan cyber transformations;
  • Testing and improving cyber Incident Response plans, runbooks and processes;
• Contribute to capability development, proposition development and thought leadership initiatives;
• Provide mentoring and oversight to the Incident Response practice to help the team grow and develop;
• Collaborate and build relationships with PwC's wider Cyber Security practice, sharing insights gained from responding to incidents and helping other teams win and deliver work;
• Originate, cultivate and maintain relationships with existing and new clients, and support outreach and business development efforts in collaboration with other teams;
• Develop, enhance or refine the portfolio of Incident Response services in line with market trends, emerging threats, or opportunities for innovation or market disruption;
• Support the execution of our business strategy and growing PwC's reputation in the cyber security market, for example by taking on responsibility for relationships with third parties such as technology alliance partners; and,
• Play a key role in PwC's global Incident Response community to support knowledge sharing, practice development and to pursue opportunities in collaboration with global colleagues.