Endpoint Detection Engineering Manager
PWC-1
2021-12-03 07:36:46
London, Greater London, United Kingdom
Job type: fulltime
Job industry: Engineering
Job description
PwC's Global Threat Intelligence and Detection Engineering practice is seeking a technical endpoint detection engineer and threat hunter who has a passion and aptitude for developing behavioural techniques and analytics to detect adversary behaviour in enterprise IT networks.
The team focuses on the identification of novel intrusion techniques and tracking of several hundred threat actors, ranging from organised crime groups to state-affiliated espionage actors, originating from more than 25 countries. It is responsible for the development and delivery of technical and strategic threat research and intelligence services and provides:
Subscription behavioural threat hunting content and intelligence research to public and private sector clients globally;
Intelligence support to, and collection from, incident response and managed threat hunting teams;
Insight to our adversary emulation team on novel tools and techniques used by cyber threat actors; and,
Access to cutting-edge research to inform and underpin all services provided by PwC's several-thousand-strong cyber security consulting practice.
As a detection engineer within PwC's Global Threat Intelligence practice you will lead research and engineering efforts for novel blue team and threat hunting techniques with endpoint telemetry, and develop and refine a bespoke content library for EDR solutions such as Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR and Tanium. You will work closely with threat research and incident response teams investigating attacker activity in the wild, red teams seeking to develop new techniques, and managed services teams deploying your content into client environments, where you will also work with telemetry for testing purposes.
Responsibilities and experience
If you're interested in developing detection content and analytical techniques to combat state sponsored espionage, human operated ransomware intrusions and insider threats, we're keen to talk to you. We expect you will already be able to demonstrate experience in several of the following areas:
Supporting the generation of analytic content, detection concepts, and host based detection methods;
Developing and documenting behavioural detection content for EDR solutions.
Testing and tuning of detection content in production environments to ensure robustness.
Deep technical understanding of MITRE ATT&CK and its use in mapping detection coverage.
Familiarity with common detection content grammars, such as Sigma or Yara, and their use in standardising cross-platform detection capability.
Threat hunting principles, techniques and real-world application in enterprise IT environments.
Managing custom content in large-scale EDR deployments.
Understanding of network intrusion lifecycles and actor tradecraft.
Proactively analysing malware behaviour, attacker tools, and newly discovered techniques for new detection opportunities.
The use of automation or orchestration techniques to streamline the investigation of alerts or minimise false positives.
Researching and developing new tools and scripts to continually update or improve our threat detection automation processes, collection methods and analytical capability.
A detailed understanding of the Windows operating system, Active Directory, and associated security events and telemetry.
Improving the level of logging or telemetry from enterprise IT environments in order to maximise the potential for behavioural detection content to be applied.
Delivering reports and presentations based on research into emerging threats, communicating your findings with adjacent teams and clients, or with the public or security community via blogs, conference presentations etc.
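The skills listed above (behavioural EDR content, Sigma-style rule grammars, ATT&CK mapping, and tuning out false positives) come together in the following added example. It is illustration written for this page, not PwC content or code from any named EDR product: a minimal Sigma-like rule for an Office application spawning a command interpreter, evaluated over constructed Windows process-creation events, with a tuning filter that excludes a hypothetical known-good add-in (AcmeReportingAddin). The rule is held as a Python dict rather than YAML so the block runs offline; only the `endswith`, `contains`, `startswith` and exact-match modifiers are implemented, and string comparison is case-insensitive as Sigma specifies.

```python
"""Sigma-style behavioural detection over constructed process-creation telemetry.
Added illustration for this page; not PwC content. AcmeReportingAddin is a
hypothetical known-good application used to show false-positive tuning."""

# Rule in Sigma's structure (title, tags, logsource, detection, level).
RULE = {
    "title": "Office Application Spawning Command Interpreter",
    "tags": ["attack.initial_access", "attack.t1566", "attack.execution", "attack.t1059"],
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "ParentImage|endswith": ["\\winword.exe", "\\excel.exe", "\\powerpnt.exe"],
            "Image|endswith": ["\\cmd.exe", "\\powershell.exe", "\\wscript.exe"],
        },
        # Tuning filter: a (hypothetical) reporting add-in legitimately runs a batch
        # file from Excel; excluding it keeps the rule deployable in production.
        "filter_known_addin": {
            "CommandLine|contains": "\\Program Files\\AcmeReportingAddin\\",
        },
        "condition": "selection and not filter_known_addin",
    },
    "level": "high",
}

# Constructed events in the shape of Sysmon/EDR process-creation records.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "CommandLine": "cmd.exe /c powershell -nop -w hidden -enc UABXAEQA"},
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
     "CommandLine": "cmd.exe /c \"C:\\Program Files\\AcmeReportingAddin\\refresh.bat\""},
    {"Image": "C:\\Windows\\explorer.exe",
     "ParentImage": "C:\\Windows\\System32\\userinit.exe",
     "CommandLine": "explorer.exe"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\POWERPNT.EXE",
     "CommandLine": "powershell.exe -nop -w hidden -c IEX (New-Object Net.WebClient)"},
]


def field_matches(event: dict, spec_key: str, expected) -> bool:
    """Apply one 'Field|modifier' test; a list of expected values is an OR."""
    field, _, modifier = spec_key.partition("|")
    value = str(event.get(field, "")).lower()
    candidates = expected if isinstance(expected, list) else [expected]
    for cand in (str(c).lower() for c in candidates):
        if modifier == "endswith" and value.endswith(cand):
            return True
        if modifier == "startswith" and value.startswith(cand):
            return True
        if modifier == "contains" and cand in value:
            return True
        if modifier == "" and value == cand:
            return True
    return False


def selection_matches(event: dict, selection: dict) -> bool:
    """All field tests inside one named selection must hold (AND)."""
    return all(field_matches(event, k, v) for k, v in selection.items())


def eval_condition(condition: str, named: dict) -> bool:
    """Tiny recursive-descent evaluator for 'and' / 'or' / 'not' / parentheses."""
    tokens = condition.replace("(", " ( ").replace(")", " ) ").split()
    pos = [0]

    def peek():
        return tokens[pos[0]] if pos[0] < len(tokens) else None

    def take():
        tok = tokens[pos[0]]
        pos[0] += 1
        return tok

    def atom() -> bool:
        tok = take()
        if tok == "not":
            return not atom()
        if tok == "(":
            inner = or_expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return inner
        return named[tok]

    def and_expr() -> bool:
        result = atom()
        while peek() == "and":
            take()
            rhs = atom()
            result = result and rhs
        return result

    def or_expr() -> bool:
        result = and_expr()
        while peek() == "or":
            take()
            rhs = and_expr()
            result = result or rhs
        return result

    result = or_expr()
    if peek() is not None:
        raise ValueError(f"unexpected token {peek()!r}")
    return result


def techniques(rule: dict) -> list:
    """ATT&CK technique IDs from the rule's tags, for coverage mapping."""
    return [t.split(".", 1)[1].upper() for t in rule["tags"] if t.startswith("attack.t")]


def run_rule(rule: dict, events: list) -> list:
    """Evaluate the rule over each event; return alert records for the hits."""
    detection = rule["detection"]
    named_specs = {k: v for k, v in detection.items() if k != "condition"}
    hits = []
    for event in events:
        named = {name: selection_matches(event, spec) for name, spec in named_specs.items()}
        if eval_condition(detection["condition"], named):
            hits.append({"title": rule["title"], "level": rule["level"],
                         "techniques": techniques(rule),
                         "ParentImage": event["ParentImage"], "Image": event["Image"]})
    return hits


if __name__ == "__main__":
    for hit in run_rule(RULE, EVENTS):
        print(hit)
```

Run as a script, it alerts on the Word-to-cmd.exe and PowerPoint-to-powershell.exe events, ignores explorer.exe, and suppresses the Excel launch of the add-in's batch file because of the tuning filter; each alert carries T1566 and T1059 for coverage mapping against ATT&CK.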
Desirable but non-essential skills
Experience developing, mentoring or training junior staff.
Experience with incident response techniques in enterprise or cloud environments.
Experience using version control systems and CI/CD pipelines.
Experience in Python scripting.
Risk
We're a leading provider of trust in the digital world - in the eyes of our people, our clients and our stakeholders. Today's business environment is different. More complex. More connected. Companies not only face new and unknown risks, but also new and untapped opportunities. Our team is at the forefront of this change, join us to be a part of transforming how risk is perceived and capitalised on.
Not the role for you?
Did you know PwC offer flexible contract arrangements as well as contingent work (i.e. temporary or day-rate contracting)?
The skills we look for in future employees
All our people need to demonstrate the skills and behaviours that support us in delivering our business strategy. This is important to the work we do for our business, and our clients. These skills and behaviours make up our global leadership framework, 'The PwC Professional' and are made up of five core attributes; whole leadership, technical capabilities, business acumen, global acumen and relationships.
The Deal
We want all of our people to feel empowered to be the best that they can be, which is why we have 'The Deal'.
Diversity
Valuing Difference. Driving Inclusion.
We work in a changing world which offers great opportunities for people with diverse backgrounds and experiences. We seek to attract and employ the best people from the widest talent pool because creating value through diversity is what makes us strong as a business, enabling us to solve important problems and deliver value to our clients. We encourage an inclusive culture where people can be themselves, are valued for their strengths and are empowered to be the best they can be. As an organisation with an increasingly agile workforce, we also support different ways of working offering flexible working arrangements. Learn more here about our work to support an inclusive culture.