Manager, Information Security Incident Response

Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.

Your day at NTT DATA
The Manager, Information Security Incident Response is a management role, responsible for managing the Information Security Incident Response Management team. This role ensures their team is equipped and enabled to detect and monitor threats and suspicious activity affecting the organization's technology domain.

This role serves as the escalation point for incidents workflows and participates in the delivery of security measures through analytics and threat hunting processes.

The Senior Manager, Information Security Incident Response manages a team of security professionals whilst fostering a collaborative and innovative team culture focused on operational excellence.

Key responsibilities:

• Provides coaching and mentoring to a team whilst establishing and monitoring individual and team KPIs ensuring that the team achieve business objectives and goals.
• Acts as the escalation point for incident workflows and oversees the performance of weekly threat hunting activities.
• Oversees the review of current configurations of company production information systems and networks against compliance standards.
• Manages the team who provides technical support by ensuring that security alerts, events, and notifications are processed. For example, via email, ticketing, virus warning, intelligence feeds, workflow, etc.
• Engages with internal and/or external teams according to agreed alert priority levels, and escalation trees and ensures the monitoring of events for suspicious events, investigation, and escalate where applicable.
• Ensures the prioritization of threat analysis based on risks associated with each threat and working with the appropriate teams to ensure related communications are in line with company best practice and recommendations.
• Ensures the team is equipped and enabled to act as a subject matter expert for the Computer Incident Response Team.
• Works on strategic custom software projects which analyzes the vast amount of log, audit trail, and other recorded activity information that modern systems record.
• Participates in the design of automated scripts, contingency plans, and other program responses which are launched when an attack against organizational systems has been detected.
• Works on strategic projects and supports the work of others related to middleware, and other system integration tools.
• Fine-tunes the existing security monitoring systems so that false positives and false negatives are minimized.
• Participates in product evaluations for those information security monitoring systems that are being seriously considered for use on organizational production information systems.
• Manages the prevention and resolution of security breaches and ensures that the required incident and problem management processes are initiated to ensure compliance to policy.
• Conducts presentations of the security breaches findings to the business and advise on new measures required to prevent reoccurrence of similar breaches.
• Reviews incident and problem management reports to identify potential security weaknesses and perform an impact and risk analysis, developing recommendations for highlighted risks, ensuring that these risks and solutions are presented to the relevant stakeholders.
• Ensures that security service audit schedules are implemented and agreed with the business.

To thrive in this role, you need to have:

• Ability to remain calm and focused during stressful situations.
• Ability to listen and adapt to changing situations.
• Ability to lead effectively by motivating their team(s) to perform better.
• Ability to recognize potential problems and take steps to fix the issues.
• Advanced understanding of complex inter-relationships in an overall system or process.
• Advanced knowledge of technological advances within the information security arena.
• Demonstrates analytical thinking and a proactive approach.
• Displays consistent client focus and orientation.
• Advanced knowledge of information security management and policies.
• Advanced understanding of current and emerging threats, vulnerabilities, and trends.
• Advanced understanding of malware forensics, network forensics, and computer forensics also highly desirable.
• Ability to statically and dynamically analyze malware to determine target and intention.
• Ability to uncover and document tools, techniques, procedures used by cyber adversaries in attacking managed infrastructure.
• Sound decision making abilities with demonstrate teamwork and collaboration skills.
• Displays good planning and organizing ability.

Academic qualifications and certifications:

• Bachelor's degree or equivalent in Information Technology, Computer Science or related field.
• SANS GIAC Security Essentials (GSEC) or equivalent preferred.
• SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred.
• SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred.
• Industry certifications such as CISSP, CISM, CISA, CEH, CHFI preferred.
• Information Technology / ITILSM / ICT Security / ITIL v3 preferred.

Required experience:

• Advanced experience in a Technology Information Security Industry.
• Advanced prior experience working in a SOC/CSIR.
• Comprehension and practical knowledge of the "Cyber Threat Kill Chains".
• Advanced knowledge of Tools, Techniques and Processes (TTP) used by threat actors.
• Advanced practical knowledge of "indicators of compromise" (IOC's).
• Advanced experience with End Point Protection and Enterprise Detention and Response Software.
• Advanced experience or knowledge of SIEM and IPS technologies.
• Advanced experience with Wireshark, tcpdump, Remnux, decoders for conducting payload analysis.
• Knowledge of malware analysis, hacking techniques, latest vulnerabilities, and security trends.
• Preferably an interest, or knowledge of, or experience with SIEM and IPS technologies.
• Advanced knowledge of network technologies including routers, switches, firewalls
• Advanced prior demonstrated experience managing and leading a team in a related field.

Workplace type:

Hybrid Working

About NTT DATA
NTT DATA is a $30+ billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world's leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services.  Our consulting and industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is part of NTT Group, which invests over $3 billion each year in R&D.

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Third parties fraudulently posing as NTT DATA recruiters 

NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters—whether in writing or by phone—in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an email address. If you suspect any fraudulent activity, please contact us.

---