Only about two months later than I originally planned, but here we go. I'll summarise areas we are hiring into in the thread 👇, along with a steer on experience and location where possible (all UK, but happy to make introductions elsewhere).

https://twitter.com/smoothimpact/status/1099403302138249217

We have space for a mix of junior and experienced folks in most roles, and there is also a mix of location and partial remote working options depending on the role, so please DM to ask clarification questions or to ask about applying :) A little background on the team:

Cyber Threat Operations is PwC's front-line technical security services group, responsible for a portfolio of blue & red team services to global clients. Blue includes subscription & bespoke #threatintel & research services, short-term & managed endpoint/network threat hunting,

#dfir & incident/crisis readiness and exercising services. The red side of the house covers pentesting, red teaming / adversary emulation, hardware reverse engineering & IoT bug hunting, and attacks against mobile apps. Red & blue also tag team on many services.

Kickass team to work with & learn from, e.g. @jaded_muse @pewpew_lazors @linkcabin @KrystleM_Reid @Securityswan (TI), @fromCharCode @ipsosCustodes @threatitude @Wietze (Hunt), @gabrielcurrie @willoram @SomeIRguy @_FloatingPoint @MrThreatFinder (IR), @StuCriddle (EH) & dozens more

MDR: Our managed #threathunting team needs junior & experienced endpoint folks. Using EDR solutions like @PaloAltoNtwks Cortex XDR & @Tanium to hypothesise, find, investigate and remediate previously unknown behaviour. Also need service managers & tech presales too. (Edinburgh)

Deployment managers: Working with client IT/secops teams to scope, package, test & deploy @PaloAltoNtwks Cortex XDR, @Tanium & @InfocyteInc for compromise assessment, IR & MDR projects. Enterprise endpoint stack experience necessary and some PMO experience helpful. (EDI/London)

DevOps: Developing tools, APIs, scripts, systems & integrations to streamline/automate common blue and red team reqs, e.g. intel enrichment, collection systems and analytical capability, sandboxing, sinkholing, Maltego transforms etc. Python-centric tools at present.

UI/UX: Many of our systems are butt ugly! We'd love to find someone who breathes building interfaces to present/interrogate data and support investigative analyst workflows, with some understanding of typical security telemetry. Help make our analysis beautiful!

Infrastructure: Oversight of multiple on-prem, hybrid and cloud environments supporting IR, intel, hunt and red team engagements and services. Strong general ops experience needed and an enthusiasm to work with (and come up with) dynamic & ad-hoc requirements as we try new things

Elastic ops: Operations for a stack encompassing ECE, Logstash, HAProxy, Kafka & NiFi, running in GCP. Responsible for tuning, backups, expansion plans, dashboard design & log parsers, and working with red/blue teams on use cases for data mining and reporting (London)

Intrusion/TI analyst: Identify new targeted campaigns & actors, track 160+ existing actors, develop tracking techniques, produce written reporting on new actor tradecraft, trends etc., link, attribute & enrich OSINT reporting, shape tooling requirements (e.g. Maltego transforms)

Pentesters: People who really want to know how things work by taking them apart and poking holes in them. Lots of opportunities for those starting their careers who want to join a formal training program and progress towards CREST accreditations (Cardiff mostly).

IoT/hardware: Teardowns soldering iron style, hands on security VRE (large - think vehicles, small - think IoT, smart meters etc), RF comms attacks, crypto analysis, exploit development and real world red team deployments (Cardiff mostly). Also some room for bespoke malware devs.

Technical writer/editor: Working alongside threat intel & incident response teams to consolidate technical findings (e.g. from forensic image analysis or malware RE) and rough analysis notes into cohesive technical narratives and presentation content.

Remediation consultant: Can you go from briefing a CIO in crisis, to advising SecOps teams on detecting attacker activity with EDR? We want people with strong consulting/tech skills who can drive rapid security improvements to complex enterprise networks (inc AD, endpoint, SOC).

IR analyst: Responding to targeted intrusions and data breaches. Technical #dfir, including physical disk, network packet capture & memory analysis. Help victims improve telemetry during IR, conduct IR post-mortems, design playbooks & more.

If any of these sound interesting and you’re at #CyberUK19 please come say hello in person.