Principle Analyst Cybersecurity Incident

21 hours ago


City of Melbourne, Australia | NTT DATA, Inc. | Full-time

Make an impact with NTT DATA

Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion; it is a place where you can grow, belong and thrive.

The NTT Cyber Security Incident Response (CSIR) team provides an orchestrated and rapid security incident response capability, with oversight of security incident response across the wider NTT Managed Security Services client base. The CSIR team uses a range of security technologies to identify alerts and to prioritise and investigate security issues in a fast-paced environment, while maintaining communication with internal and client stakeholders.

As a CSIR engineer, a major part of the role is delivering operational project work with SOC (Security Operations Centre) integrated squad teams and assisting with the operational tasks of a SOC team: collectively managing and responding to security incidents, working on assigned SOC tasks to improve the cyber security posture of NTT clients, and consulting with clients. You will provide expertise and guidance to NTT clients in setting up, managing and improving their SOC capabilities.

A typical day varies with the work at hand in the squad team. It may begin with reviewing dashboards and preparing presentations, consulting engagement updates, risk update reports and reports from the previous day or shift, including checking for new threats and identifying malware that may have entered a client's systems. You will also prepare for and respond to system breaches or attacks. These processes differ between clients, but they generally involve responding to intrusions or network weaknesses and working to prevent new ones.
You will also be required to participate in a shift roster, which may comprise business-hours and after-hours shifts.

Your key responsibilities will include, but are not limited to:

• Implementing security technologies when necessary: assessing, selecting and implementing security technologies such as SIEM and SOAR systems, intrusion detection systems, threat intelligence platforms and incident response tools.
• Supporting the security management lifecycle: real-time monitoring, incident investigation, research, correlation, trending and remediation.
• Setting up and configuring SIEM, including data analysis, rule creation, establishing thresholds, reference lists and other duties; setting up, investigating and performing advanced troubleshooting of log transport agents.
• Developing security policies and procedures: assisting in developing, documenting and maintaining SOC standard operating procedures (SOPs), incident response plans, playbooks and other security policies to ensure consistent and effective operations; actively participating in process improvement with the team and the wider organisation.
• Incident analysis and response: assisting SOC analysts by providing guidance and support in analysing security events, investigating incidents and responding to cyber threats and attacks.
• Process improvement and optimisation: continuously improving and optimising SOC processes, workflows and tools to enhance efficiency, accuracy and effectiveness in threat detection and response.
• Threat intelligence analysis: collaborating with other teams or external threat intelligence providers to gather, analyse and interpret threat intelligence, identify emerging threats and implement proactive measures; researching and recommending mitigation strategies for current and future threats relevant to the client's environment.
• Compliance and regulatory requirements: ensuring that SOC operations align with applicable standards, regulations and best practices such as ISO 27001, NIST, PCI DSS or industry-specific compliance requirements.
• Incident reporting and communication: preparing reports and communicating security incidents, vulnerabilities and findings to stakeholders, management and internal or external auditors as necessary.
• Collaborating with internal teams: working closely with other teams, such as network and system administrators, to ensure proper integration and coordination of security monitoring tools and systems.
• Assessing SOC maturity: evaluating an organisation's existing SOC setup and capabilities to identify strengths, weaknesses and areas for improvement; developing or refining the SOC infrastructure (architecture, tools, processes and workflows) to ensure effective and efficient detection, analysis and response to security incidents.
• Managing stakeholder expectations and helping to reduce the impact of a cyber security event or incident; providing proactive, constant and clear communication on the status of incident/problem resolution between the client, NTT and any third-party suppliers and vendors.
• Providing remote technical support and escalations within Managed Services' ITIL-aligned service delivery processes, including Incident Management, Problem Management, Configuration Management, Change Management and Release Management.
• Managing, owning and coordinating the technical resolution of incidents, either remotely or on site using Field Engineering resources; actioning P1 or major incident escalations immediately.
• Planning, coordinating and implementing complex network changes within customer-specified change windows, adhering to a predefined ITIL change management framework.
• Liaising with the customer, third-party suppliers, vendors and partners to ensure minimal disruption to the customer's day-to-day business operations and the seamless, coordinated delivery of services.
• Maintaining detailed knowledge of the clients' environment(s), where applicable, by maintaining and updating relevant documentation such as diagrams, configuration databases, and process and procedural documentation.
• Escalating issues affecting service delivery to management.
• Mentoring team members, guiding them to grow in their roles and providing technical escalation support.

What would make you a good fit for this role? (Mandatory skills)

• Deep knowledge of cyber security concepts, technologies and best practices, including threat intelligence, network security, incident response, log analysis, vulnerability management and security monitoring tools.
• Solid consulting experience, including leading and engaging in client cyber security discussions and audit reviews.
• Experience working in a Security Operations Centre and in network security operations.
• Hands-on experience administering and managing SIEM platforms such as Palo Alto XSIAM, Splunk and Microsoft Sentinel.
• Hands-on experience administering and managing vulnerability management solutions such as Qualys and Tenable, and attack surface management tools.
• Hands-on experience administering and managing SOAR platforms such as Palo Alto Cortex XSOAR or other SOAR solutions.
• Hands-on experience analysing logs and events from SIEM solutions, Wireshark and other infrastructure, with expertise in writing and interpreting queries in SPL (Splunk), KQL (Sentinel) and XQL (Palo Alto XSIAM).
• Experience managing security incident detection and response and threat hunting, with knowledge of the MITRE ATT&CK, NIST, FAIR and Cyber Kill Chain frameworks.
• Experience triaging threat feeds and driving mitigation exercises.
• Experience reviewing vulnerability and product bug reports and relating their impact to clients' environments.
• Creating custom dashboards on clients' SIEM and cyber security intelligence products, based on each client's security landscape.
• Ability to filter through false positives quickly and focus on true positives.
• Risk assessment and management: understanding of risk assessment methodologies and frameworks such as NIST SP 800-30 or ISO 31000, to assess and manage cyber security risks effectively.
• Experience with security monitoring and analysis tools such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), EDR (Endpoint Detection and Response) and network traffic analysis tools.

Desirable skills:

• A demonstrated, genuine interest in and passion for cyber security is a must.
• Working knowledge of security operations environments and security incident management and response handling.
• Certifications: Splunk Core Certified Power User (SCCPU), Qualys.
• Relevant certifications such as CISSP (Certified Information Systems Security Professional), GSEC, GCIH (GIAC Certified Incident Handler), GCIA (GIAC Certified Intrusion Analyst) or other industry-recognised certifications are advantageous and demonstrate expertise.
• Exposure to cyber security governance, risk and compliance (GRC) and experience providing innovative solutions to complex cyber security problems.
• Strong organisational skills and the ability to prioritise multiple complex tasks.
• Ability to work effectively under pressure.
• Excellent verbal and written communication skills, with the ability to influence both technical and non-technical audiences.

Required experience:

• 10+ years of overall experience in the technology / information security industry.
• At least 8 years' prior experience working in a SOC/CSIRT.
• Strong hands-on experience with Splunk, creating search rules and dashboards.
• Tertiary qualifications, or a passionate ethical hacker.
• Experience using endpoint protection products and tools.
• Experience with enterprise detection and response software.
• Experience managing large customers with multiple sites.
• Strong team player.
• Ability to work in a challenging and constantly changing environment.
• Willingness to persevere with difficult tasks.
• Resourcefulness and sound judgement.
• Strong customer service focus with an understanding of client expectations.
• Strong verbal and written communication, along with good interpersonal skills.
• Demonstration of NTT's core values: Proactivity, Teamwork, Professional Excellence, Partnership and Personal Commitment.
• High level of initiative, accountability and attention to detail, and the ability to follow process.

Workplace type: On-site

About NTT DATA

NTT DATA is a $30+ billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world's leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centres and application services. Our consulting and industry solutions help organisations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centres as well as established and start-up partners. NTT DATA is part of NTT Group, which invests over $3 billion each year in R&D.

Equal Opportunity Employer

NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment.
We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Third parties fraudulently posing as NTT DATA recruiters

NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters, whether in writing or by phone, in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an @nttdata.com email address. If you suspect any fraudulent activity, contact us.

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: IT Services and IT Consulting