Principal Analyst: Information Security Incident Response

Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.

Your day at NTT DATA
The Principal Information Security Incident Response Analyst is a highly skilled subject matter exper, responsible for providing an escalation path for Level 1 and 2 workflows for high-risk incidents.

Additionally, this role facilitates proactive security measures through analytics and threat hunting processes and is responsible for detecting and monitoring escalated threats and suspicious activity affecting company technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments).

This role is responsible to manage critical and high-risk exposures in the daily operation of real-time threat management activities.

This senior technical resource facilitates problem resolution and mentoring for the overall team. This includes operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning).

Key responsibilities:

• Manages weekly sprints in Threat Hunting analytics.
• Manages the processing of security alerts, events, and notifications (e.g. via email, ticketing, virus warning, intelligence feeds, workflow, etc.).
• Manages the notification of internal and/or external teams according to agreed alert priority levels, and escalation trees.
• Monitors events for suspicious events, investigation, and escalate where applicable.
• Maintains an understanding of current and emerging threats, vulnerabilities, and trends.
• Prioritizes threat analysis based on risks associated with each threat and working with the appropriate teams to ensure related communications are in line with company best practice and recommendations.
• Acts as the primary technical lead for the Computer Incident Response Team (CIRT), coordinating the work of technical staff from various departments, as well as the work of third-party technical experts.
• Ties third party attack monitoring services and threat reporting services, into internal CIRT communications systems, so as to better alert CIRT team members about what's coming, and what preparations to undertake before production systems at NTT Ltd are damaged (and what remedial actions to take after damage has taken place).
• Regularly reviews the current configurations of NTT Ltd production information systems and networks, with an eye towards the steps that attackers must take to break through existing defenses, and recommends configuration changes, system setting changes, network topology changes, and other modifications that would enhance the overall level of security.
• Designs, specifies, programs, deploys, and fine-tunes custom software which analyses the vast amount of log, audit trail, and other recorded activity information that modern systems record, so as to be able to immediately detect unauthorized activity, most importantly intrusion by unauthorized parties and the execution of unauthorized software.
• Designs automated scripts, automated contingency plans, and other programmed responses which are launched when an attack against company systems has been detected.
• Designs, specifies, programs, debugs, and oversees the work of others related to middleware, and other system integration tools, which tie multiple security monitoring systems together so as to better meet company information security needs.
• Performs post-mortem analyze with logs, network traffic flows, and other recorded information to identify intrusions by unauthorized parties, as well as unauthorized activities of authorized users.
• Reviews incident and problem management reports to identify potential security weaknesses and perform an impact and risk analysis, developing recommendations for highlighted risks, ensuring that these risks and solutions are presented to the relevant stakeholders.
• Ensures that security service audit schedules are developed, scoped, discussed and agreed with the business.
• Reviews access authorization for compliance with policy, administration security controls for effectiveness, security on the operational systems and verify that security monitoring is working.

To thrive in this role, you need to have:

• Ability to remain calm and focused during stressful situations.
• Ability to listen and adapt to changing situations.
• Ability to recognize potential problems and take steps to fix the issues.
• Extended understanding of complex inter-relationships in an overall system or process.
• Extended knowledge of technological advances within the information security arena.
• Demonstrates analytical thinking and a proactive approach.
• Displays consistent client focus and orientation.
• Extended knowledge of information security management and policies.
• Extended understanding of current and emerging threats, vulnerabilities, and trends.
• Extended understanding of malware forensics, network forensics, and computer forensics also highly desirable.
• Ability to statically and dynamically analyze malware to determine target and intention.
• Ability to uncover and document tools, techniques, procedures used by cyber adversaries in attacking managed infrastructure.
• Sound decision making abilities with demonstrate teamwork and collaboration skills.
• Displays good planning and organizing ability.

Academic qualifications and certifications:

• Bachelor's degree or equivalent in Information Technology, Computer Science or related field.
• SANS GIAC Security Essentials (GSEC) or equivalent preferred.
• SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred.
• SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred.
• Industry certifications such as CISSP, CISM, CISA, CEH, CHFI preferred.
• Information Technology / ITILSM / ICT Security / ITIL v3 preferred.

Required experience:

• Extended experience in a Technology Information Security Industry.
• Extended experience working in a SOC/CSIRT.
• Extended experience or knowledge of SIEM and IPS technologies.
• Extended experience with Wireshark, tcpdump, Remnux, decoders for conducting payload analysis.
• Extended experience in building SIEM rules and/or indicators of compromise for threat detection.

Workplace type:

On-site Working

About NTT DATA
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

---