Senior Associate: Digital Forensics/Incident Response
Johannesburg, South Africa
PwC
We are a community of solvers combining human ingenuity, experience and technology innovation to help organisations build trust and deliver sustained outcomes.
Management Level
Senior Associate
Job Description & Summary
At PwC, our people in forensic services focus on identifying and preventing fraudulent activities, conducting investigations, and maintaining compliance with regulatory requirements. Individuals in this field play a crucial role in safeguarding organisations against financial crimes and maintaining ethical business practices.
In fraud, investigations and regulatory enforcement at PwC, you will focus on identifying and preventing fraudulent activities, conducting investigations, and confirming compliance with regulatory requirements. You will play a crucial role in safeguarding organisations against financial crimes and maintaining ethical business practices.
Focused on relationships, you are building meaningful client connections, and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isn’t clear, you ask questions, and you use these moments as opportunities to grow.
Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:
- Respond effectively to the diverse perspectives, needs, and feelings of others.
- Use a broad range of tools, methodologies and techniques to generate new ideas and solve problems.
- Use critical thinking to break down complex concepts.
- Understand the broader objectives of your project or role and how your work fits into the overall strategy.
- Develop a deeper understanding of the business context and how it is changing.
- Use reflection to develop self-awareness, enhance strengths and address development areas.
- Interpret data to inform insights and recommendations.
- Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements.
Main purpose of the role
· Conduct incident and investigation post-mortem analysis, and reporting;
· Conduct forensic investigations including physical/logical disk, network packet capture, memory analysis or malware analysis;
· Use EDR/XDR tools to triage and respond to cyber incidents;
· Plan, organise and devise approaches necessary to respond to incidents and obtain useful forensic information from the evidence collected;
· Prioritise and differentiate between potential intrusion activity and false alarms;
· Provide technical guidance to investigations to correctly gather, analyse and present digital evidence to both business and legal audiences;
· Collate conclusions and recommendations and present forensics findings to stakeholders;
· Contribute to the development of internal scripts and tools for incident response;
· Correlate threat intelligence with active attacks and vulnerabilities within the enterprise;
· Research and test out new DFIR tooling and techniques;
· Provide incident response support services for client assignments; and
· Assist with crisis management and driving the incident response capabilities to deal with emerging threats.
Skills and Experience
· Experience in forensic capture and investigation tools such as EnCase, X-Ways, SIFT or F-Response;
· Knowledge of Windows system internals and ability to identify common indicators of compromise from dead or live systems and live memory using tools such as the SysInternals suite, RegRipper, Volatility, or Mandiant Redline;
· Experience of gleaning and analysing security information from enterprise network and host based sensors, such as IDS/IPS systems, HIDS, SIEMs, AD controllers and firewalls;
· Expertise analysing raw network traffic captures or deployment and use of network forensics or monitoring devices such as FireEye, Solera, Wireshark, Snort or NetWitness;
· Knowledge of offensive security and ethical hacking techniques, together with Threat Intelligence methodologies;
· Consulting experience deploying and using enterprise EDR or investigative products such as Tanium, Carbon Black, Mandiant MIR, CrowdStrike Falcon or EnCase Cybersecurity (advantageous); and
· Knowledge of scripting languages such as Python, Perl or PowerShell and their use in forensic analysis and live incident response, or experience using other programming languages to develop software for host-centric, network-centric or log-centric security analysis.
Qualifications
· B.Tech, BSc Computer Science, BCom IT or other relevant qualifications.
· Industry-recognised certifications.
Experience
· Management Experience would be an advantage;
· 2-3 years’ experience in incident response and/or cybersecurity;
· Digital forensics experience would be an advantage; and
· Consulting experience would be advantageous.
Key Competencies:
· The ability to draw insights from diverse data sets to aid investigations;
· Strong networking and general technical IT understanding;
· Basic scripting;
· Understanding of ISO and NIST standards
· Pro-active and committed to delivery
· Ability to perform under pressure
· Planning and organising ability
· Conflict management
· Analytical and solutions driven
· Flexible and adaptable to change
· Report writing
Driver's Licence
Essential (Non-negotiable). Own transport is required.
Overtime
In some instances, overtime will be required to meet project deliverables.
Travel
Extensive travel required in the Gauteng region and nationally. Occasional travel internationally. Further, given the nature of the role, travel could be at short notice.
Language
The incumbent must be fluent in English. Fluency in any other official language(s) would be advantageous.
Job Posting End Date
February 28, 2025