
Principle Analyst, Cyber Security Incident Response
6 days ago
At NTT we believe that by using innovative technology we can solve global challenges and create a world that is sustainable and secure. We are looking for curious people, from diverse backgrounds, that are keen to work in a fast-paced and agile environment.
At NTT we trust our employees to do the right thing, even when no one is watching, which is why we offer flexibility in the workplace. The majority of our roles are hybrid, meaning we encourage a balance of working from home and our local office. Ask our recruitment team if this is a hybrid role.
**Want to be a part of our team?**
The Cyber Security Incident Response (CSIR) team is essential in providing an orchestrated and rapid security incident response capability, with oversight of security incident response across wider NTT Managed Security Services clients. The CSIR team utilises various security technologies to identify alerts, prioritise and investigate security issues in a fast-paced environment, and maintain the level of communication with internal and client stakeholders.
For a CSIR engineer, the typical day can vary greatly depending on the specific position. They may begin their day by looking over dashboards and reports from the previous day or shift, including checking for any new threats and identifying malware that may have infiltrated the system. They also prepare for and respond to system breaches or attacks. These processes might differ between Clients, but they generally include responding to hacks or network insecurities and working to prevent new ones.
You will also be required to participate in a shift roster, which may comprise shifts during business hours and after hours.
You will prepare detailed incident reports and technical briefs for the IT security team.
**Working at NTT**
- Manage day-to-day operations of reviewing SIEM alerts and other vulnerability management tools.
- Ensure that all the various environments within the Client have adequate scans and assessments performed.
- Research and recommend mitigation strategies for current and future threats relevant to the Client's environment.
- Combine outputs from the Cybersecurity Advisory with threat intelligence to develop contextualised attack scenarios for testing the Client's cyber resilience. Prepare detailed incident reports and technical briefs for the IT security teams and non-technical audiences. Monitor the progress of attack simulations to validate the effectiveness of technical security controls, as well as people and processes, in the prevention, detection and response to real attack behaviours.
- Participate in the security incident response process when required. Assist in security incident response and provide insights on security incidents and threats.
- Proactively inform the Client team of any misconfigurations and raise tasks against the Client's Tech Domain using the Client's Service Management platform.
- Collaborate with Client to ensure alignment of Client security objectives with business priorities across Client Tech Domains and other 3rd party providers.
- Recommend enhancements to Client security controls or policy configurations to improve the security posture.
- Support the Security Management Lifecycle, including real-time monitoring, incident investigation, research, correlation, trending and remediation.
- Set up and configure SIEM, including data analysis, rule creation, establishing thresholds, reference lists, and other duties.
- Set up, investigate, and perform advanced troubleshooting of log transport agents.
- Work with technology owners and platform leads to ensure vulnerabilities and issues are patched and remediated on time.
- Oversee the implementation and management of operational security reporting activities.
- Regularly meet with the internal team to review security reports, status, risks, issues, incidents, and outstanding activities. Vulnerability management, malware analysis, threat hunting, and assistance with forensic analysis.
- Managing stakeholder expectations and assisting in the reduction of the impact of a cybersecurity event or incident.
- Contribute to maintaining knowledge base/playbooks by updating procedural documentation.
- Actively participate in process improvement with other team members and the wider team.
- Maintain detailed knowledge of the clients’ environment(s), where applicable, by maintaining and updating relevant documentation.
- Provide proactive, constant, and clear communication on the status of incident/problem resolution between the client, NTT, and any other third-party suppliers and vendors.
**What will make you a good fit for the role?**
Core skills and experience
- An individual with a curious mind, a problem solver, and a good researcher with good presentation and documentation skills.
- Experience working in a Security Operations Centre, with a good understanding of the NIST framework.
- Hands-on experience in managing Splunk, other SIEM logging solution like Microsoft
-
Lead Cyber Security Incident Response Analyst
2 weeks ago
Sydney Eastern Suburbs, Australia Robert Half Full time Join this large & recognisable global firm in a newly created role to lead the execution & coordination of IR processes, automation, and cloud IR. - Newly created role in a well-known global firm - Lead CSIRT activities in the region - Full time permanent role | Hybrid working **THE COMPANY** This large and well-known organisation employs more than 70,000...
-
SOC Analyst
2 days ago
Sydney, Australia Genesis IT&T Pty Ltd Full time **9 Months Contract (with the view to extend)**: - **Global Technology Company**: - **Experience in Healthcare industry is mandatory** A leading global technology company is currently seeking an experienced SOC Analyst to be responsible for ensuring the detection and resolution of cyber security incidents, exposures, and vulnerabilities across all...
-
Cyber Security Analyst
2 weeks ago
Sydney, Australia AI Talent Full time We are looking for a seasoned and highly capable Senior Cyber Security Analyst to join our team. In this key role, you will be responsible for protecting the organisation’s systems, networks, and data against evolving cyber threats. Your deep knowledge of cyber security frameworks, risk management, incident response, and operational security will be...
-
Cyber Security Analyst
1 week ago
Sydney, Australia AI Talent Full time We are seeking a highly skilled and experienced Senior Cyber Security Analyst to join our team. As a Senior Cyber Security Analyst, you will play a pivotal role in safeguarding our organization's systems, networks, and data from cyber threats. Your expertise in cybersecurity frameworks, risk assessment, incident response, and security operations will be...
-
Sydney, New South Wales, Australia beBeeCybersecurity Full time $140,000 - $168,000 Job Description: We are seeking highly motivated and self-driven Cyber Security Analysts to join our team. Our virtual security operations center offers a wide variety of experiences, detecting and responding to incidents in real-time for our customers.
-
Cyber Security Analyst
4 weeks ago
Sydney, New South Wales, Australia findapprenticeship.service.gov - Jobboard Full time As a Cyber Security Analyst you will ensure that the business is protected against cyber security threats and that data is always kept secure. This will mean proactive planning, rapid responses to all security threats and incidents and serving as an escalation point for the other members of the team. You will work collaboratively with the business and wider IT...
-
Cyber Security Incident Response Leader
4 days ago
Sydney, New South Wales, Australia beBeeSecurity Full time $170,000 - $200,000 Job Title: Cyber Security Incident Response Manager. About the Role: We are seeking an experienced Cyber Security Incident Response Manager to lead our high-performing team in enhancing our organisation's security posture and response capabilities. Lead a team of cyber security professionals, ensuring effective incident detection, response, and resolution. Manage...
-
Incident Response Cyber Security Manager
6 days ago
Sydney, New South Wales, Australia beBeeCybersecurity Full time $170,000 - $200,000 Lead Cyber Security Incident Response. We are seeking a seasoned cyber security professional to oversee the management of incident response within an esteemed institution. Direct, mentor and develop a team of cyber security specialists, ensuring timely and effective incident detection, response and resolution. Coordinate and manage complex security incidents...
-
Cyber Security Analyst
2 weeks ago
Sydney, Australia NSW Government - Department of Customer Service Full time **Cyber Security Analyst** **Role type**: Ongoing, Full-time opportunity **Salary**: DCS Clerk grade 7/8, annual base salary starting at $101,947 plus employer’s contribution to superannuation and annual leave loading **Location**: Hybrid opportunity, Head Office Haymarket Sydney **About the Role** We are currently looking for a Cyber Security Analyst to...
-
Cyber Security Incident Response Manager
4 days ago
Sydney, New South Wales, Australia Talent Full time