Consultant – Other
Job description and summary
In the field of cybersecurity, we deal with some of the most pressing issues facing businesses and governments today. We help organizations from all sectors operate securely in the digital world and play an essential role in helping our customers ensure their protection.
The UK-based PwC Ethical Hacking Team is PwC’s global center of excellence for ethical hacking. Our vision is to become the premier global ethical hacking team – the number one point of contact for FTSE 100 and Fortune 500 clients looking for a true partner. As a manager on this high-performance team, you will be responsible for assisting clients in testing the effectiveness of security controls in both the technology and human process areas. No technology-based solution can completely prevent human error – we work closely with our clients to become their trusted advisors that deliver much more than just commodity penetration testing.
Using mixed teams of experts from across the threat intelligence, incident response and ethical hacking teams, we provide customized solutions that meet the business objectives of our clients. PwC UK provides real-world attack simulation services to clients around the world from our UK base, and as a manager on this team, a large part of the role will be supporting and managing red teams.
The team consists of professionals with many backgrounds – from the red team, software development, computer networking, systems management, hardware testing and reverse engineering, as well as those who have spent their entire careers working in the cybersecurity industry. Our strength lies in our continuous expansion of our capabilities, flexibility and curiosity, and our investment in training and research to ensure that our employees develop into world-class experts in their chosen disciplines.
As Team Red Manager, you will operate in compliance with CREST and other relevant industry standards in order to provide attack simulation services of the highest caliber to our clients. Our clients are from the largest global organizations and come from all sectors including a large percentage of our traditional background in the financial services sector. Everyone shares a major goal and wants to understand the risks they face from real world threats, so we compile IAPs to meet their needs. We are increasingly seeing questions coming from corporate boards and risk committees asking questions that can only be answered through an effective discount simulation exercise.
The candidates we are looking for are ideally a current or previously qualified CREST Approved Simulation Attack Simulator (CCSAS) or Certified Simulated Attack Manager (CCSAM). Candidates should have experience in scoping and delivering top level red teams but also good experience testing network infrastructure and applications as these skills are essential when performing lateral movement and access to target platforms. Much of our work involves targets with capable monitoring and incident response teams and state-of-the-art EDR platforms, so it’s important to experiment with bypassing common products and demonstrate strong operational security awareness.
You must be a confident, experienced consultant, able to work directly with clients with strong credibility among their peers – perhaps through public speaking or exposing weaknesses.
PwC provides employees with training and review time to facilitate professional development and progression through industry examinations. Our staff are encouraged, where possible, to have a UK Government security clearance as part of this role.
As a Red Team Manager, you will have the opportunity to:
Deliver and manage relatively complex customer engagements that require the use of offensive security tools and techniques to identify vulnerabilities in customer IT environments by legally penetrating computer systems, websites, mobile applications, and wireless systems as part of real-world simulated attack scenarios;
– Research on a variety of topics including: advanced evasion techniques to enhance our Red Team’s capabilities and other new technologies and abilities;
Contribute to the creation of new private and public tools to enhance delivery capabilities;
Work with the world’s leading threat intelligence team to deliver integrated solutions to clients looking to answer the ‘who’ and ‘how’ questions of potential attacks;
Work closely with a dedicated development team to research and weaponize new vulnerabilities and technologies to bypass endpoint security solutions;
Manage and mentor junior staff through the exchange of professional and technical skills and experience;
Maintaining and developing relationships with valued customers, understanding their needs, preparing proposals to address them and making risk-based recommendations on security issues
– Conduct and manage a variety of tests including: red team and infrastructure testing both internally and externally; Application testing for both web and proprietary applications and protocols; Testing of mobile device systems including RF and WiFi solutions;
– Research on a variety of topics including: advanced evasion techniques to enhance our red team’s capabilities, and embedded devices such as the Internet of Things/Internet of Things; SCADA / ICS, Auto; coding techniques and applications; new technologies and capabilities;
Work with clients to review and enhance the security of key platforms such as Azure AD, Office 365, and a variety of supporting cloud platforms including IaaS and SaaS.
– Write risk based reports and attend customer delivery meetings;
Act as a small and medium-sized technical organization for collaborative projects with other work teams such as Incident Response, Threat Intelligence, Crisis Response, and Cyber Security Consulting;
– You can also expect to perform the following business development activities
– Meet with clients to understand their needs and help make proposals
Develop toolkits and methodologies to enhance our ability to sell and deliver
Contribute to research, public blogs and white papers to improve our public profile
Attending and speaking at conferences within the information security community
– Collaborating to develop new and innovative security services for our customers
Develop new and innovative security services for our clients
Working with our outreach teams to support schools, colleges and universities in demonstrating opportunities to the next generation in the Internet industry.
Skills and experience
Significant hands-on experience in providing a range of ethical hacking services to clients;
An expert user of Windows and Linux operating systems.
Highly experienced in using commercial security testing tools and a proven track record in interpreting and ranking results, and producing management reports.
Good working knowledge of Azure AD, Office 365 and popular cloud hosting systems.
Extensive knowledge of security testing requirements and techniques, demonstrated by cybersecurity industry qualifications such as CREST*SAS, SAM, CCT or OSCE;
– Although not a prerequisite, the following will be useful:
Exposure to database technologies, multi-tiered, web-based and cloud-based IT architectures;
Knowledge of security technologies (eg AV, SIEM, IDM, IPS, F/W, SSO, DLP)
Degree in Computer Science, Internet, or STEM subjects or demonstrate professional development, industrial qualification and work experience;
Experience in evaluating native mobile apps under both iOS and Android;
Experience in reverse engineering of binary applications and network protocols.
Experience in performing security-focused source code reviews for large scale applications;
Background in software development and application testing.
Experience in internal or external consulting or audit engagements;
Excellent business communication skills, including writing proposals, initiating client engagements, leading workshops, writing reports, and making presentations to clients;
Who are we looking for
We are looking for individuals who thrive in a high-tech entrepreneurial environment who are comfortable working independently with little supervision and have a strong desire to learn and a willingness to share knowledge. We are looking for individuals who thrive in a team environment and who understand that we are much more than the sum of our parts when working collaboratively with colleagues as well as with clients and third parties.
The people who succeed in our business have a passion for cybersecurity, are curious by nature and fuss about solving complex problems. Furthermore, they have good attention to detail associated with exceptional analytical and technical capabilities. Most of all, they desire to be excellent tryers or have a desire to be excellent communicators because we are in a business that is built on strong relationships.
We are one of the world’s leading professional services organizations. From 158 countries, we help our clients, some of the world’s most successful organizations, as well as the most dynamic entrepreneurs and thriving private companies, to create the value they want. We help measure, protect and promote the things that are most important to them.
Skills we look for in future employees
All of our employees need to demonstrate the skills and behaviors that support us in delivering our business strategy. This is important to the work we do for our business and our customers. These skills and behaviors form our global leadership framework, the “PwC Professional” and consist of five core attributes; Complete leadership, technical capabilities, business acumen and global relations acumen.
At PwC Middle East, we set an ambitious goal and strive to live it every day: solving important problems and building trust in the community.
We are a community of analysts who come together in unexpected ways to build trust and create sustainable results. We solve important problems, and support each other as we grow, develop and build satisfying careers.
PricewaterhouseCoopers provides industry-focused services to public and private clients through assurance, audit, transaction, advisory, tax and legal. We rely on our development legacy that brings together the collective expertise of more than 7,000 people in our region with offices in 12 countries to solve for tomorrow.
We strive to deliver consistently innovative work that builds trust and delivers sustainable results. We are proud of the strength that comes from all of our different backgrounds and experiences and value the uniqueness of everyone. We thrive on uncertainty, operate with integrity and benefit from the diverse perspectives of our teams.
If you are looking for a place that nurtures your ambition to make a difference, that matches your curiosity with continuous learning opportunities and reimagine ways of working to enable you to live a more balanced life, then you are the PwCer of the future.