Background

PwC's Global Threat Intelligence team is seeking junior and mid-level technical threat intelligence analysts focused on cybercrime.

PwC serves more than 200,000 clients in 152 countries, and we use our vantage point as one of the largest international professional services networks to provide global threat intelligence services, tailored and delivered locally to our clients. Our research underpins our security services and is used by public and private sector organisations around the world to protect networks, provide situational awareness and inform strategy.

We focus on the identification of novel intrusion techniques and the tracking of several hundred threat actors, ranging from organised crime groups to state-affiliated espionage actors, originating from more than 27 countries, and we provide:

• Subscription and bespoke research services to public and private sector intelligence clients globally;
• Intelligence support to, and collection from, incident response and managed threat hunting teams;
• Insight to our adversary emulation team on novel tools and techniques used by cyber threat actors; and
• Access to cutting-edge research to inform and underpin all services provided by PwC's several-thousand-strong cyber security consulting practice.

As a technical cybercrime analyst within PwC's Threat Intelligence practice you'll delve into threat actor campaigns and incident response cases relevant to PwC's vast client base, ranging from NGOs to the world's largest corporations. You'll develop a deep understanding of the tools and techniques used by threat actors and report your findings to help our clients understand the threats they face and enable them to better defend their networks.

You could be involved in monitoring C2 infrastructure for an actor, targeted attack activity in a specific region, the evolution of specific malware families, and everything in between.

This role will best suit a technical analyst who is highly motivated to hunt down and analyse threat activity, but who can also report their findings in clear, concise technical reports for our broad range of intelligence consumers.

Responsibilities

If you're interested in tackling international espionage, uncovering criminal activity and tracking hacktivists, we're keen to talk to you. We expect you will already be able to demonstrate experience in one or more of the following areas:

• Developing collection and tracking techniques to identify new threat actors and campaigns, monitor the activity of known actors, and methodically attribute new activity from both open and closed data sources using a variety of bespoke, commercial and open source tools and systems.
• Participating in analysis surges to renew and further develop knowledge on new and existing threat actors.
• Applying a robust analytical methodology to support conclusions in relation to specific threat actors, and an ability to rationalise and articulate your conclusions.
• Understanding of network protocols, attack lifecycles and actor tradecraft.
• Supporting the generation of analytic content, detection concepts, and network- and host-based detection methods.
• Researching and developing new tools and scripts to continually update or improve our threat intelligence automation processes, collection methods and analytical capability.
• Supporting incident response and Managed Security Services teams with ad-hoc analysis requests, and organising the collection, processing and analysis of artifacts and indicators identified from client incidents.
• Supporting business-as-usual operations such as monitoring open sources for new information and responding to ad-hoc client RFIs.
• Delivering reports and presentations based on research into emerging threats, sharing your findings with clients, or with the public or security community via blogs, conference presentations etc.
• Familiarity with Windows system internals, persistence techniques, advanced malware techniques etc.

Desirable but non-essential skills

• An understanding of common analysis techniques and frameworks used in CTI, such as threat modelling techniques like the Diamond Model, Kill Chain, and F3EAD.
• Knowledge of open source and commercial platforms, tools and frameworks used within threat intelligence teams, such as threat intelligence platforms, malware sandboxes and reverse engineering tools such as Ghidra or IDA Pro.
• Experience with Maltego, including custom transforms, and its use in mapping out intrusion sets.
• Baseline knowledge of threat actors, attribution concepts, and high-profile cyber incidents.
• Expertise in Python.
• Competency exploiting common intelligence datasets, including commercial repositories of information relating to malware and internet data (domain, IP, netflow, certificate tracking etc.), and closed sources including incident response and other bespoke collection.
• Language skills, in particular Russian or Portuguese.