Principal Analyst : Information Security Incident Response (NTT)

Make an impact with NTT DATA

Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.

Your day at NTT DATA

The Principal Information Security Incident Response Analyst is a highly skilled subject matter exper, responsible for providing an escalation path for Level 1 and 2 workflows for high-risk incidents.

Additionally, this role facilitates proactive security measures through analytics and threat hunting processes and is responsible for detecting and monitoring escalated threats and suspicious activity affecting company technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments).

This role is responsible to manage critical and high-risk exposures in the daily operation of real-time threat management activities.

This senior technical resource facilitates problem resolution and mentoring for the overall team. This includes operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning).

Key responsibilities :

• Manages weekly sprints in Threat Hunting analytics.
• Manages the processing of security alerts, events, and notifications (e.g. via email, ticketing, virus warning, intelligence feeds, workflow, etc.).
• Manages the notification of internal and / or external teams according to agreed alert priority levels, and escalation trees.
• Monitors events for suspicious events, investigation, and escalate where applicable.
• Maintains an understanding of current and emerging threats, vulnerabilities, and trends.
• Prioritizes threat analysis based on risks associated with each threat and working with the appropriate teams to ensure related communications are in line with company best practice and recommendations.
• Acts as the primary technical lead for the Computer Incident Response Team (CIRT), coordinating the work of technical staff from various departments, as well as the work of third-party technical experts.
• Ties third party attack monitoring services and threat reporting services, into internal CIRT communications systems, so as to better alert CIRT team members about what's coming, and what preparations to undertake before production systems at NTT Ltd are damaged (and what remedial actions to take after damage has taken place).
• Regularly reviews the current configurations of NTT Ltd production information systems and networks, with an eye towards the steps that attackers must take to break through existing defenses, and recommends configuration changes, system setting changes, network topology changes, and other modifications that would enhance the overall level of security.
• Designs, specifies, programs, deploys, and fine-tunes custom software which analyses the vast amount of log, audit trail, and other recorded activity information that modern systems record, so as to be able to immediately detect unauthorized activity, most importantly intrusion by unauthorized parties and the execution of unauthorized software.
• Designs automated scripts, automated contingency plans, and other programmed responses which are launched when an attack against company systems has been detected.
• Designs, specifies, programs, debugs, and oversees the work of others related to middleware, and other system integration tools, which tie multiple security monitoring systems together so as to better meet company information security needs.
• Performs post-mortem analyze with logs, network traffic flows, and other recorded information to identify intrusions by unauthorized parties, as well as unauthorized activities of authorized users.
• Reviews incident and problem management reports to identify potential security weaknesses and perform an impact and risk analysis, developing recommendations for highlighted risks, ensuring that these risks and solutions are presented to the relevant stakeholders.
• Ensures that security service audit schedules are developed, scoped, discussed and agreed with the business.
• Reviews access authorization for compliance with policy, administration security controls for effectiveness, security on the operational systems and verify that security monitoring is working.

To thrive in this role, you need to have :

Academic qualifications and certifications :

Required experience :

Workplace type : On-site Working

About NTT DATA

NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer

NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Show more

Show less

Skills Required

Wireshark, Tcpdump, Log Monitoring, Computer Forensics, Threat Hunting, network forensics, Siem