Only about two months later than I originally planned, but here we go. I'll summarise areas we are hiring into in the thread 👇, along with a steer on experience and location where possible (all UK, but happy to make introductions elsewhere).
We have space for a mix of junior and experienced folks in most roles, and there is also a mix of location and partial remote working options depending on the role, so please DM to ask clarification questions or to ask about applying :) A little background on the team:
Cyber Threat Operations is PwC's front-line technical security services group, responsible for a portfolio of blue & red team services to global clients. Blue includes subscription & bespoke #threatintel & research services, short-term & managed endpoint/network threat hunting, #dfir & incident/crisis readiness and exercising services. The red side of the house covers pentesting, red teaming / adversary emulation, hardware reverse engineering & IoT bug hunting, and attacks against mobile apps. Red & blue also tag team on many services.
MDR: Our managed #threathunting team needs junior & experienced endpoint folks. Using EDR solutions like @PaloAltoNtwks Cortex XDR & @Tanium to hypothesise, find, investigate and remediate previously unknown behaviour. Also need service managers & tech presales too. (Edinburgh)
Deployment managers: Working with client IT/secops teams to scope, package, test & deploy @PaloAltoNtwks Cortex XDR, @Tanium & @InfocyteInc for compromise assessment, IR & MDR projects. Enterprise endpoint stack experience necessary and some PMO experience helpful. (EDI/London)
DevOps: Developing tools, APIs, scripts, systems & integrations to streamline/automate common blue and red team reqs, e.g. intel enrichment, collection systems and analytical capability, sandboxing, sinkholing, Maltego transforms etc. Python-centric tools at present.
UI/UX: Many of our systems are butt ugly! We'd love to find someone who breathes building interfaces to present/interrogate data and support investigative analyst workflows, with some understanding of typical security telemetry. Help make our analysis beautiful!
Infrastructure: Oversight of multiple on-prem, hybrid and cloud environments supporting IR, intel, hunt and red team engagements and services. Strong general ops experience needed and an enthusiasm to work with (and come up with) dynamic & ad-hoc requirements as we try new things.
Elastic ops: Operations for a stack encompassing ECE, Logstash, HAProxy, Kafka & NiFi, running in GCP. Responsible for tuning, backups, expansion plans, dashboard design & log parsers, and working with red/blue teams on use cases for data mining and reporting (London).
Intrusion/TI analyst: Identify new targeted campaigns & actors, track 160+ existing actors, develop tracking techniques, produce written reporting on new actor tradecraft, trends etc., link, attribute & enrich OSINT reporting, shape tooling requirements (e.g. Maltego transforms).
Pentesters: People who really want to know how things work by taking them apart and poking holes in them. Lots of opportunities for those starting their careers who want to join a formal training program and progress towards CREST accreditations (Cardiff mostly).
IoT/hardware: Teardowns soldering iron style, hands on security VRE (large - think vehicles, small - think IoT, smart meters etc), RF comms attacks, crypto analysis, exploit development and real world red team deployments (Cardiff mostly). Also some room for bespoke malware devs.
Technical writer/editor: Working alongside threat intel & incident response teams to consolidate technical findings (e.g. from forensic image analysis or malware RE) and rough analysis notes into cohesive technical narratives and presentation content.
Remediation consultant: Can you go from briefing a CIO in crisis, to advising SecOps teams on detecting attacker activity with EDR? We want people with strong consulting/tech skills who can drive rapid security improvements to complex enterprise networks (inc AD, endpoint, SOC).
IR analyst: Responding to targeted intrusions and data breaches. Technical #dfir, including physical disk, network packet capture & memory analysis. Help victims improve telemetry during IR, conduct IR post-mortems, design playbooks & more.
If any of these sound interesting and you’re at #CyberUK19 please come say hello in person.
Thread author: Kris McConkey