I have spent the past year building a genuine foundation in security operations and cyber defence - learning the craft of monitoring, analysis, and incident response from the ground up.
PwC's Managed Cyber Defence team works on meaningful security challenges for some of New Zealand's largest organisations. The identity-led managed defence model, the client-facing nature of the work, and the explicit commitment to training people who are passionate about growing - that combination is exactly what I am looking for. I am not applying here as a fallback. This is the team I want to build my career in.
Strong analytical skills and genuine attention to detail, the ability to identify trends and indicators of compromise across complex data sets, and the communication skills to provide clear technical guidance to non-technical stakeholders. I document everything meticulously - every investigation on my GitHub shows how I think, how I structure analysis, and how I communicate findings. That discipline maps directly to PwC's client-facing model.
All investigations documented with methodology, evidence, and findings - github.com/Aryaghaem/tryhackme-scripts-labs
Identified C2 beaconing patterns and active communication channels in network traffic - isolating callback intervals and mapping the active channel to attacker infrastructure.
Detected malicious registry modifications and startup folder entries used to maintain access across reboots - tracing the full persistence chain from execution to re-launch.
Investigated attacker-created Windows services and scheduled tasks, distinguishing malicious entries from legitimate system activity through event log correlation and timestamp analysis.
Used Wireshark to identify DNS exfiltration - analysing query entropy, subdomain length patterns, and query frequency to surface the data leakage channel and reconstruct exfiltrated content.
Identified Log4j RCE exploitation attempts in network traffic - JNDI lookup strings, outbound callback patterns, and post-exploitation indicators of compromise including reverse shell activity.
Traced phishing-delivered malware through Sysmon process creation events, network connections, and file drop artefacts - reconstructing the full execution chain from email to persistence.
Identified post-compromise discovery activity by analysing trends in command execution patterns - net commands, whoami, ipconfig abuse - correlating events to map the attacker's enumeration phase.
20+ documented investigations covering event monitoring, data analysis to identify trends and indicators of compromise, and threat analysis across Windows and network environments.
Every lab investigation is written up with clear findings communicated for a non-technical audience. My current IT support role involves providing technical guidance to business clients daily.
Working knowledge of PowerShell for scripting and system administration, and Python basics for data analysis and process automation - both used in lab investigations and IT support work.
Practical hands-on experience with Windows environments from both an investigation and administration perspective - understanding the systems PwC's clients run from the inside out.
Exam booked - 26 June 2026 - threats, cryptography, IAM, network security, risk management
20+ labs completed - SOC operations, threat detection, incident response, network forensics
Coursera - Dec 2025 - coursera.org/account/accomplishments/specialization/CTLYS2V86SFL
Networking, system administration, information security, Windows Server
I am applying for the Cyber Defence Analyst position at PwC New Zealand and would welcome the opportunity to discuss how I can contribute to your Managed Cyber Defence team.