
Principal Managed Services Information Security
2 weeks ago
**Make an impact with NTT DATA**
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion - it’s a place where you can grow, belong and thrive.
**Your day at NTT DATA**
This role includes performing tasks such as security incident detection and response, security event reporting, threat hunting, content maintenance (tuning) and interacting with clients to ensure their understanding of the information generated, recommending client system changes as well as answering security related queries from the clients.
The Principal Managed Services Information Security Analyst typically provides coaching and guidance to less experienced analysts within the team.
**What you'll be doing**
**Key Responsibilities**:
- Works as part of a global Cyber Defense Centre (CDC) team that works 24/7 on rotational shifts.
- Works with client stakeholders and relevant internal teams to tune the MSSP platform and client SIEM to enable more efficient detection, analysis and reporting.
- Monitors relevant security tools to review and analyze security logs from client environments.
- Generates continuous improvement ideas for supported security tools/technologies, to enable improvements to company services, employee experience and client experience.
- Adheres to SOPs, customer Run Books and standard processes to ensure a globally consistent delivery whilst also proposing changes and improvements to these standards.
- Utilizes and documents best practices and amends existing documentation as required.
- Identifies opportunities to make automations which will help the clients and security delivery teams.
- Performs security incident handling and response from several vectors including End Point Protection and Enterprise Detection and Response tools, attack analysis, malware analysis, network forensics, computer forensics.
- Utilizes a broad range of skills in LAN technologies, Windows and Linux O/S’s, and general security infrastructure.
- Ensures usage of knowledge articles in incident diagnosis and resolution and assists with updating as and when required.
- Performs defined tasks to inform and monitor service delivery against service level agreements and maintains records of relevant information.
- Undertakes threat hunting activities across both individual client estates, as well as cross client hunting.
- Works closely with client delivery teams to support their activities related to client delivery.
- Cooperates closely with colleagues to share knowledge and build a cohesive and effective team environment, benefiting the individual, the business and the client.
- Mentors and supports other team members to increase their security knowledge and delivery expertise.
- Supports major incident management processes and incident escalations from both internal and client sources.
- Performs any other related task as required.
**Knowledge and Attributes**:
- Extended knowledge of implementation and monitoring of a company supported SIEM or security tools/technologies/concepts.
- Extended knowledge of security architecture, having worked across different security technologies.
- Extended knowledge and understanding of the operation of modern computer systems and networks and how they can be compromised.
- Displays excellent customer service orientation and pro-active thinking.
- Displays problem solving abilities and is highly driven and self-organized.
- Excellent attention to detail.
- Excellent analytical and logical thinking.
- Excellent spoken and written communication abilities.
- Team player with the ability to work well with others and in a group with colleagues and stakeholders.
- Ability to remain calm in pressurized situations.
- Ability to keep current on emerging trends and new technologies in the area of specialization.
**Academic Qualifications and Certifications**:
- Bachelor's degree or relevant qualification in Information Technology or Computing or a related field.
- Security certifications such as (but not limited to) AZ-500, SC-200, Security+, CEH, CISSP, CISM or similar. Certification in different networking technologies such as CCNA, JNCIA, ACCA, PCNSA, CCSA is advantageous.
**Required Experience**:
- Extended experience in SOC Analysis Operations.
- Extended experience in SIEM usage for investigations.
- Extended experience in Security technologies such as (but not limited to) Firewall, IPS, IDS, Proxy.
- Extended experience in dealing with technical support to clients.
- Extended experience in handling security incidents end to end.
- Extended experience in configuring/managing security controls, such as SIEM, Firewall, IDS/IPS, EDR, NDR, UTM, Proxy, SOAR, Honeypots and other security tools.
- Extended experience in Security Analysis or Engineering preferably gained within a global services organization.
**Workplace type**:
Hybrid Workin