Managed Services - Cyber - Security Analysts - Associate-Operate

Associate TDR Operations Associate L1 (India) 

A career in our Cyber Managed Services will provide you the opportunity to solve our clients' most critical business and data protection-related challenges. You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resiliency, response, and technical implementation activities. You will have access to not only the top Cybersecurity, Privacy, and Forensics professionals at PwC, but also to our clients and industry analysts across the globe. 

A career in our Advisory Acceleration Center is the natural extension of PwC’s leading class global delivery capabilities. We provide premium, cost-effective, high-quality services that support process quality and delivery capability in support of client engagements. Our Acceleration Center team extends our leading Cybersecurity, Privacy & Forensics capabilities. 

As a Cyber Ops Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to: 

• Share and collaborate effectively with others, creating a positive team spirit. 

• Identify and make suggestions for improvements when problems and/or opportunities arise. 

• Validate data and analysis for accuracy and relevance. 

• Follow risk management and compliance procedures. 

• Keep up-to-date with developments in your area of specialty. 

• Communicate confidently in a clear, concise, and articulate manner - verbally and in written form. 

• Seek opportunities to learn about the wider economy alongside the business models/corporate governance and/or regulatory environment of our clients. 

• Uphold the firm's code of ethics and business conduct. 

Basic Qualifications: 

• Minimum Degree Required: Bachelor’s Degree 

• Minimum Years of Experience: 3-5 Years 

• Certification(s) Preferred: CEH, Security+, CHFI, CTIA, or Any SANS certification. 

Preferred Knowledge/Skills: 

Demonstrates knowledge, leadership, and/or a proven record of success in the following areas: 

• Networking and applying Network Principles (including the OSI Model, TCP/IP, DNS, HTTP, SMTP), System Administration, and Security Architecture. 

• Applying Incident Response Frameworks and Handling Procedures. 

• Fluency with the cyber attack lifecycle and/or the tactics, techniques, and procedures of threat actors. 

• Information security, compliance, assurance, and/or other security best practices and principles. 

• Possessing and fostering an inquisitive mindset amongst team members. 

SOC L1 Analyst Responsibilities: 

• Monitoring: Continuously monitor security alerts and events generated by various security tools, such as SIEM (Security Information and Event Management) systems, Endpoint Detection and Response (EDR), intrusion detection systems, SOAR, UEBA, Email Gateway, Proxy, and firewalls. 

• Incident Detection and Analysis: Analyze security events and incidents to identify potential security breaches or threats. This involves investigating alerts, analyzing network traffic, user/host anomalies, phishing, and conducting initial triage to determine the severity and impact of the incident. 

• Incident Response: Respond to security incidents by following established procedures, protocols, and SLAs. This may involve escalating incidents to higher-level analysts or incident response teams, coordinating with end-users/stakeholders and IT teams, and documenting incident details as per the standard templates. 

• Threat Intelligence: Stay updated on the latest security threats, vulnerabilities, and Zero-Day attacks. Leverage threat intelligence sources to identify potential indicators of compromise/Indicators of Attack and proactively detect emerging threats, notifying leadership and client teams about these threats. 

• Threat Hunting: Detect and mitigate potential threats that may bypass traditional security measures. Utilize various tools and techniques to identify indicators of compromise (IOCs) and potential attack vectors. By continuously monitoring threat intelligence feeds and analyzing security bulletins, stay updated on the latest attack techniques and vulnerabilities. Collaborate with other security teams to investigate incidents, develop hunting techniques, document findings, and provide reports to management. 

• Documentation and Reporting: Maintain accurate and detailed records of security incidents, including incident timelines, actions taken, and outcomes. Prepare incident reports and contribute to post-incident reviews and lessons learned sessions, also working on client weekly, monthly, and quarterly reports. 

• Collaboration: Collaborate with other analysts of the SOC team, as well as with leadership teams, to share knowledge, insights, and best practices. Work closely with client incident response teams to ensure effective incident resolution and mitigation. 

• Continuous Improvement: Contribute to the improvement of security monitoring and incident response processes by identifying areas for SOP/procedure enhancement, proposing solutions, automations, and alert tunings. 

• Compliance: Ensure compliance with relevant security standards, regulations, and policies, such as PCI DSS, HIPAA, or GDPR. 

Tools Knowledge: 

• SentinelOne, Splunk, MS Sentinel, MS Defender EDR, CrowdStrike, Cortex XDR, Palo Alto XSOAR, Phantom, O365, Proofpoint, DLP 

• SentinelOne: Monitoring and analyzing security alerts and logs through SentinelOne SIEM, performing initial triage of security incidents and escalating them as needed. Additionally, collaborate closely with L2/L3 analysts to support incident response and threat hunting efforts. Engage in basic dashboard building, watchlist creation, running queries, and developing an understanding of security use cases to enhance detection capabilities.