A career in our Cybersecurity, Privacy and Forensics will provide you the opportunity to solve our clients most critical business and data protection related challenges. You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resilency, response, and technical implementation activities. You will have access to not only the top Cybersecurity, Privacy and Forensics professionals at PwC, but at our clients and industry analysts across the globe. Our Corporate and Threat Intelligence team focuses on assisting our clients with reputational due diligence, social media monitoring, intelligence consulting and investigative matters. Our team includes staff with dozens of language skills, strong writing and investigative skills and diverse backgrounds. We use these skills to help out clients make informed business decisions in our fast paced business environment.

• Pursue opportunities to develop existing and new skills outside of comfort zone.
• Act to resolve issues which prevent effective team working, even during times of change and uncertainty.
• Coach others and encourage them to take ownership of their development.
• Analyse complex ideas or proposals and build a range of meaningful recommendations.
• Use multiple sources of information including broader stakeholder views to develop solutions and recommendations.
• Address sub-standard work or work that does not meet firm's/client's expectations.
• Develop a perspective on key global trends, including globalisation, and how they impact the firm and our clients.
• Manage a variety of viewpoints to build consensus and create positive outcomes for all parties.
• Focus on building trusted relationships.
• Uphold the firm's code of ethics and business conduct.

• Developing collection and tracking techniques to identify new threat actors and campaigns, monitor the activity of known actors, and methodically attribute new activity from both open and closed data sources using a variety of bespoke, commercial and open source tools and systems;
• Participating in analysis surges to renew and further develop knowledge on new and existing threat actors;
• Applying a robust analytical methodology to support conclusions in relation to specific threat actors, and an ability to rationalize and articulate your conclusions;
• Understanding of network protocols, attack lifecycles and actor tradecraft;
• Supporting the generation of analytic content, detection concepts, and network and host based detection methods;
• Performing static and dynamic reverse engineering in order to identify and classify new samples, understand C2 protocols and functional capability;
• Researching and developing new tools and scripts to continually update or improve our threat intelligence automation processes, collection methods and analytical capability;
• Supporting incident response and Managed Cyber Defense teams with ad-hoc analysis requests, and organizing the collection, processing and analysis of artifacts and indicators identified from client incidents;
• Supporting business as usual operations such as monitoring open source for new information and responding to ad-hoc client RFIs;
• Delivering reports and presentations based on research into emerging threats, sharing your findings with clients, or with the public or security community via blogs, conference presentations etc.;
• Possessing familiarity with Windows system internals, persistence techniques, advanced malware techniques, etc.; and,
• Leveraging static and dynamic reverse engineering using reverse engineering tools such as Ghidra or IDA Pro in order to identify and classify new samples, understand C2 protocols and functional capability.

• Understanding of common analysis techniques and frameworks used in CTI, such as threat modeling techniques like the Diamond model, Kill Chain, and F3EAD;
• Understanding and knowledge of open source and commercial platforms, tools and frameworks used within threat intelligence teams, such as threat intelligence platforms, malware sandboxes and reverse engineering tools, such as Ghidra or IDA Pro;
• Understanding of and experience with Maltego, including custom transforms, and its use in mapping out intrusion sets;
• Having an understanding and baseline knowledge of threat actors, attribution concepts, and high profile cyber incidents;
• Utilizing experience in Python;
• Exploiting common intelligence datasets, including commercial repositories of information relating to malware and internet data (domain, IP, netflow, certificate tracking etc.), and closed sources including incident response and other bespoke collection; and,
• Reading and communication in one or more of the following languages: Mandarin, Cantonese, Russian, or Persian/Farsi.