The Principal Information Security Specialist, Threat Intelligence
Continue to make an impact with a company that is pushing the boundaries of what is possible. At NTT DATA, we are renowned for our technical excellence, leading innovations, and making a difference for our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can continue to grow, belong, and thrive.
Your career here is about believing in yourself and seizing new opportunities and challenges. It’s about expanding your skills and expertise in your current role and preparing yourself for future advancements. That’s why we encourage you to take every opportunity to further your career within our great global team.
Your day at NTT DATA
The Principal Information Security Incident Response Analyst is a highly skilled subject matter exper, responsible for providing an escalation path for Level 1 and 2 workflows for high-risk incidents.
Additionally, this role facilitates proactive security measures through analytics and threat hunting processes and is responsible for detecting and monitoring escalated threats and suspicious activity affecting company technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments).
This role is responsible to manage critical and high-risk exposures in the daily operation of real-time threat management activities.
This senior technical resource facilitates problem resolution and mentoring for the overall team. This includes operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning).
Key responsibilities:
- Manages weekly sprints in Threat Hunting analytics.
- Manages the processing of security alerts, events, and notifications (e.g. via email, ticketing, virus warning, intelligence feeds, workflow, etc.).
- Manages the notification of internal and/or external teams according to agreed alert priority levels, and escalation trees.
- Monitors events for suspicious events, investigation, and escalate where applicable.
- Maintains an understanding of current and emerging threats, vulnerabilities, and trends.
- Prioritizes threat analysis based on risks associated with each threat and working with the appropriate teams to ensure related communications are in line with company best practice and recommendations.
- Acts as the primary technical lead for the Computer Incident Response Team (CIRT), coordinating the work of technical staff from various departments, as well as the work of third-party technical experts.
- Ties third party attack monitoring services and threat reporting services, into internal CIRT communications systems, so as to better alert CIRT team members about what’s coming, and what preparations to undertake before production systems at NTT Ltd are damaged (and what remedial actions to take after damage has taken place).
- Regularly reviews the current configurations of NTT Ltd production information systems and networks, with an eye towards the steps that attackers must take to break through existing defenses, and recommends configuration changes, system setting changes, network topology changes, and other modifications that would enhance the overall level of security.
- Designs, specifies, programs, deploys, and fine-tunes custom software which analyses the vast amount of log, audit trail, and other recorded activity information that modern systems record, so as to be able to immediately detect unauthorized activity, most importantly intrusion by unauthorized parties and the execution of unauthorized software.
- Designs automated scripts, automated contingency plans, and other programmed responses which are launched when an attack against company systems has been detected.
- Designs, specifies, programs, debugs, and oversees the work of others related to middleware, and other system integration tools, which tie multiple security monitoring systems together so as to better meet company information security needs.
- Performs post-mortem analyze with logs, network traffic flows, and other recorded information to identify intrusions by unauthorized parties, as well as unauthorized activities of authorized users.
- Reviews incident and problem management reports to identify potential security weaknesses and perform an impact and risk analysis, developing recommendations for highlighted risks, ensuring that these risks and solutions are presented to the relevant stakeholders.
- Ensures that security service audit schedules are developed, scoped, discussed and agreed with the business.
- Reviews access authorization for compliance with policy, administration security controls for effectiveness, security on the operational systems and verify that security monitoring is working.
To thrive in this role, you need to have:
- Ability to remain calm and focused during stressful situations.
- Ability to listen and adapt to changing situations.
- Ability to recognize potential problems and take steps to fix the issues.
- Extended understanding of complex inter-relationships in an overall system or process.
- Extended knowledge of technological advances within the information security arena.
- Demonstrates analytical thinking and a proactive approach.
- Displays consistent client focus and orientation.
- Extended knowledge of information security management and policies.
- Extended understanding of current and emerging threats, vulnerabilities, and trends.
- Extended understanding of malware forensics, network forensics, and computer forensics also highly desirable.
- Ability to statically and dynamically analyze malware to determine target and intention.
- Ability to uncover and document tools, techniques, procedures used by cyber adversaries in attacking managed infrastructure.
- Sound decision making abilities with demonstrate teamwork and collaboration skills.
- Displays good planning and organizing ability.
Academic qualifications and certifications:
- Bachelor’s degree or equivalent in Information Technology, Computer Science or related field.
- SANS GIAC Security Essentials (GSEC) or equivalent preferred.
- SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred.
- SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred.
- Industry certifications such as CISSP, CISM, CISA, CEH, CHFI preferred.
- Information Technology / ITILSM / ICT Security / ITIL v3 preferred.
Required experience:
- Extended experience in a Technology Information Security Industry.
- Extended experience working in a SOC/CSIRT.
- Extended experience or knowledge of SIEM and IPS technologies.
- Extended experience with Wireshark, tcpdump, Remnux, decoders for conducting payload analysis.
- Extended experience in building SIEM rules and/or indicators of compromise for threat detection.
Workplace type:
Hybrid Working
Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Accelerate your career with us. Apply today