Company Logo

Analyst, Cybersecurity Incident Response


Job Description

In a constantly changing world, we work together with our people, clients and communities to enable them to fulfill their potential to do great things. We believe that by bringing everyone together, we can solve problems using innovative technology that can create a world that is sustainable and secure. At NTT, we encourage you to remain continuously curious, as that is what keeps you fast, flexible and relevant. No two days will be the same but that is what will help you grow and realize your full potential.

The power is in your hands to do great things. It’s time to lead the change, be the authentic you, to solve difficult challenges, to set the pace of change and to unleash your potential.

Want to be a part of our team?

The Cyber Security Incident Response (CSIR) team is essential in providing an orchestrated and rapid security incident response capability with an oversight of security incident response across wider NTT Managed Security Services clients. The CSIR team utilise various security technologies to identify alerts, prioritize and investigate security issues in a fast-paced environment maintain the level of communication with internal and client stakeholders.

As the CSIR engineer, the typical day can vary greatly depending on the specific position. They may begin their day by looking over dashboards, reports from the previous day or shift, including checking for any new threats and identifying malware that may have infiltrated the system. also prepare for and respond to system breaches or attacks. These processes might differ between Clients, but they generally include responding to hacks or network insecurities and working to prevent new ones.
You will also be required to participate in a shift roster which may comprise of shifts business hours and after hours.

Working at NTT

  • Manage day-to-day operations of reviewing SIEM alert and other vulnerability management tools. Ensure that all the various environments within the Client have adequate scans and assessments performed.
  • Research and recommend mitigation strategy for current and future threats relevant to the Clients environment.
  • Participate in security incident response process when required.
  • Support the Security Management Lifecycle including:
    • Real-time Monitoring
    • Incident investigation.
    • Research.
    • Correlation.
    • Trending.
    • Remediation.
    • Setup and configure SIEM, including data analysis, rule creation. establish thresholds, reference lists, and other duties.
    • Setup, investigate, and advanced troubleshooting of log transport agents.
  • Work with technology owners and platform leads to ensure vulnerabilities and issues are patched and remediated on time.
  • Oversee the implementation and management of operational security reporting activities.
  • Regularly, meet with the internal team to review security reports, status, review any risks, issues, incidents, and outstanding activities.
  • Vulnerability Management, Malware analysis, Threat hunting and assist in forensic analysis.
  • Managing stakeholder expectations and assisting in the reduction of the impact of a cybersecurity event or incident.
  • Contribute to maintaining knowledge base/playbooks by updating procedural documentation. Actively participate in process improvement with other team members and Wider team.
  • Maintain detailed knowledge of the clients’ environment(s), where applicable, by maintaining and updating relevant documentation.
  • Provide proactive, constant, and clear communication on the status of incident/problem resolution between the client, NTT, and any other third-party supplier and vendors.

What would make you a good fit for this role? (Mandatory skills)

  • Experience in working in Security Operation Centre.
  • Hands-on experience in managing Splunk, other SIEM logging solution like Microsoft Sentinel, ArcSight.
  • Vulnerability Management solution like Qualys and Tenable experience, Palo Alto Cortex XSOAR or other SOAR solutions.
  • Hands-on experience to Analyse logs/events from SIEM solution, other infrastructure,
  • Expertise in interpreting and querying Wireshark captures.
  • Experience in managing Security Incidents detect and response, Threat hunt capability with knowledge of Kill chain methodology.
  • Experience in triaging Threat feeds and work towards mitigation exercise.
  • Experience in reviewing the vulnerability, product bug reports and relating its impact to Clients environment.
  • Hands-on knowledge on the creation of use cases within SIEM solution including advanced correlation rules.
  • Creating custom dashboards based on the client's security landscape.
  • Ability to filter through false positives quickly and focus on true positives.
  • Analyse and perform fine-tuning of SIEM rules/policies on regular basis.
  • Hands-on experience in analysing SIEM alert payload to detect any malicious activity.
  • Complete understanding of Digital Forensics concept and the process followed therein.
  • Operational knowledge on Security compliance tools like AlgoSec, Firemom, Skybox or Tufin

Knowledge, Skills and Attributes:

  • Knowledge of information security management and policies
  • Demonstrate an understanding of complex inter-relationships in an overall system or process
  • Sound knowledge of technological advances within the information security arena
  • Demonstrate analytical thinking and a proactive approach
  • Display consistent client focus and orientation
  • Display interpersonal skills and good verbal and written communication ability
  • Demonstrate teamwork and collaboration skills
  • Demonstrate sound decision-making ability
  • Display good planning and organising ability
  • Comprehension and practical knowledge of the “Cyber Threat Kill Chains”
  • Strong knowledge of Tools, Techniques and Processes (TTP) used by threat actors
  • Practical knowledge of “indicators of compromise” (IOC’s)
  • Knowledge of malware analysis, hacking techniques, latest vulnerabilities, and security trends.
  • Comprehension of SIEM and/or indicators of compromise for threat detection.
  • Knowledge of network technologies including routers, switches, firewalls.

Academic Qualifications and Certifications:

  • Degree / Certifications
  • SANS GIAC Security Essentials (GSEC) or equivalent
  • SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent
  • SANS GIAC Certified Incident Handler (GCIH) or equivalent
  • Industry Certifications: CISSP, CISM, CISA, CEH, CHFI
  • Information Technology / ITILSM / ICT Security / ITIL v3

Required Experience:

  • Extensive experience in a Technology Information Security Industry
  • Prior experience working in a SOC/CSIRT for at least 3-5 years
  • Good Hands-on experience on Splunk solution
  • Tertiary qualifications or a passionate ethical hacker
  • Experience using End Point Protection Software
  • Experience with Enterprise Detection & Response software

What will make you a good fit for the role?

Standard career level descriptor for job level:
  • Have wide-ranging experience
  • Uses professional concepts and company objectives to solve complex issues in creative ways
  • Networks with others outside own area of expertise
  • Exercises judgment in selecting methods, techniques and evaluation criteria to obtain results
  • May coordinate others’ activities
  • Typically requires significant related experience with a Bachelor’s or equivalent degree

Join our growing global team and accelerate your career with us. Apply today.

Equal opportunity employer

NTT is proud to be an equal opportunity employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, color, sex, religion, national origin, disability, pregnancy, marital status, sexual orientation, gender reassignment, veteran status, or other protected category.