Description

At PwC, we measure success by our ability to create the value that our clients and our people are looking for. Our reputation lies in building lasting relationships with our clients and a focus on delivering value in all we do. We’re a network of firms in 158 countries with more than 236,000 people who are committed to delivering world-class capabilities and quality in assurance, tax and advisory services.

Established in the region for 40 years, PwC Middle East employs over 4,200 people across 12 countries. Complementing our depth of industry expertise and breadth of skills is our sound knowledge of local business environments across the Middle East region. Our tailored solutions help our clients meet the challenges and opportunities of doing business in the Middle East market and beyond.

Line of Service

Advisory

Industry/Sector

Technology

Specialism

Advisory - Other

Management Level

Senior Associate

Job Description & Summary

About PwC ETIC - Egypt Technology and Innovation Centre

PwC is opening a new Technology & Innovation Center in Cairo that will

deliver high quality technology solutions to consulting Clients across the

globe. The Centre will provide a broad suite of skills and services to our

clients, ranging from Packaged Applications such as SAP & Oracle, to

Cybersecurity, Data Analytics, Custom Development and Cloud services

utilising AWS, Azure and Google, as well as expanding our existing

Managed Services capabilities.

The centre is looking to expand rapidly and we are looking for

enthusiastic self-starters with a passion for technology and client

delivery to help shape and form this new venture.

About Our Practice

Cyber security is one of the defining topics of our age, and cyber risk represents one of the most significant strategic risks to PwC’s clients. In a recent PwC survey, it remains the top risk in the minds of CEO’s globally, with 91% of UK CEOs rating it as a significant concern. Businesses are changing rapidly, facing disrupted supply chains, rapidly changing workforces and accelerating digital transformation on an unprecedented scale.

At PwC we help our clients transform, and our cyber security practice enables them to execute that transformation securely and to become more resilient to cyber security threats. Our cyber security practice operates nationally, and serves clients holistically with strategy, risk and governance advice, and with deep technical implementation and assurance expertise.

Cloud Security - Configuration Review, core responsibility

Overview

• It involves examining the settings, configurations, and policies used in the IT environment, identifying potential security gaps and vulnerabilities, and recommending best practices to improve the security posture of the organization. The assets in scope can be (Network appliances, security appliances and popular operating systems such as Microsoft windows, Unix, and Linux), the reviewer is expected to look into configurations, setting as well as the man made rules such as firewall rules or access lists to check for any deviations.
  
  

Configuration review process:

• Validate the Scope: Confirm and validate the scope of the assessment, including the systems and devices to be reviewed, the types of configuration settings to be assessed, and any specific security policies and standards that apply.
• Prepare the Assessment Criteria or checklist: Develop assessment criteria and checklist based on vendor best practices, industry standards and applicable client policies and procedures. The standards can include frameworks such as CIS Controls or NIST Cybersecurity Framework.
• Conduct the Assessment: Conduct the assessment, reviewing the configurations of systems and devices against the assessment criteria. This can be done using automated tools, manual review, or a combination of both.
• Identify Findings: Identify any findings or deviations from the assessment criteria. This can include misconfigurations, missing patches, or insecure settings.
• Analyze Findings: Analyze the findings to determine their impact on the security posture of the organization. Prioritize the findings based on the risk they pose to the organization.
• Develop Recommendations: Develop recommendations for remediation of the findings, including specific actions to be taken and timelines for completion.
• Present Findings and Recommendations: Present the findings and recommendations to key stakeholders in the organization.
  
  

Overall, a configuration review assessment involves a thorough review of configurations against established criteria and checklist to identify potential security risks and develop recommendations for remediation.

Experience in the those or similar tools is preferred: Nipper, Tripwire, Qualys, Nessus, Algosec...etc

Role Requirements

▪ Good understanding and practical experience in infrastructure and Cloud

platform security

▪ Good understanding of Microsoft Sentinel and KQL

▪ Experience and proven record of success in integrating custom connectors

with Sentinel using APIs. If you have no direct experience with Sentinel,

individuals with good developer skills will be considered

▪ Experience with M365 Threat Protection technologies including Microsoft

Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for

Office 365, and Microsoft Defender for Cloud Apps

▪ Experience with Azure Security technologies including Microsoft Defender for

Cloud, Key Vault, Azure DDoS Protection, and other

▪ Experience with Information Protection technologies such as Azure

Information Protection, Windows Information Protection

للتقديم الان