Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive.
As a CSIR engineer, a major part of the role is delivering SOC (Security Operations Centre) integrated squad team operational project work and assisting with the operational tasks of a SOC team to collectively manage and respond to security incidents, working on assigned SOC tasks to enhance the cyber security posture of NTT clients, along with consulting work with clients.
The role provides expertise and guidance to NTT clients in setting up, managing, and improving their SOC capabilities. The typical day can vary greatly depending on the work at hand with the squad team. The day may begin by looking over dashboards and preparing presentations, consulting engagement updates, risk update reports, and reports from the previous day or shift, including checking for any new threats and identifying malware that may have infiltrated a system. You will also prepare for and respond to system breaches or attacks. These processes might differ between clients, but they generally include responding to hacks or network insecurities and working to prevent new ones. You will also be required to participate in a shift roster, which may comprise business-hours and after-hours shifts.
• Implementing security technologies when necessary: Assessing, selecting, and implementing various security technologies such as SIEM and SOAR systems, intrusion detection systems, threat intelligence platforms, and incident response tools.
• Supporting the Security Management Lifecycle, including:
- Real-time monitoring.
- Incident investigation.
- Research.
- Correlation.
- Trending.
- Remediation.
- Setting up and configuring SIEM, including data analysis, rule creation, establishing thresholds, reference lists, and other duties.
- Setting up, investigating, and advanced troubleshooting of log transport agents.
• Developing security policies and procedures: Assisting in developing, documenting, and maintaining SOC standard operating procedures (SOPs), incident response plans, playbooks, and other security policies to ensure consistent and effective operations. Actively participating in process improvement with other team members and the wider team.
• Incident analysis and response: Assisting SOC analysts by providing guidance and support in analysing security events, investigating incidents, and responding to cyber threats and attacks.
• Process improvement and optimization: Continuously improving and optimizing SOC processes, workflows, and tools to enhance efficiency, accuracy, and effectiveness in threat detection and response.
• Threat intelligence analysis: Collaborating with other teams or external threat intelligence providers to gather, analyse, and interpret threat intelligence to identify emerging threats and implement proactive measures. Researching and recommending mitigation strategies for current and future threats relevant to the clients' environments.
• Compliance and regulatory requirements: Ensuring that SOC operations align with applicable standards, regulations, and best practices, such as ISO 27001, NIST, PCI DSS, or industry-specific compliance requirements.
• Incident reporting and communication: Preparing reports and communicating security incidents, vulnerabilities, and findings to stakeholders, management, and internal or external auditors as necessary.
• Collaborating with internal teams: Working closely with other teams, such as network and system administrators, to ensure proper integration and coordination of security monitoring tools and systems.
• Assessing SOC maturity: Evaluating the existing SOC setup and capabilities of an organization to identify strengths, weaknesses, and improvement areas.
• Developing or refining the SOC infrastructure, the architecture, tools, processes, and workflows of a SOC to ensure effective and efficient detection, analysis, and response to security incidents.
• Managing stakeholder expectations and assisting in reducing the impact of a cybersecurity event or incident.
• Providing proactive, constant, and clear communication on the status of incident/problem resolution between the client, NTT, and any other third-party suppliers and vendors.
• Providing remote technical support and escalations within Managed Services' ITIL-aligned service delivery processes, including Incident Management, Problem Management, Configuration Management, Change Management and Release Management.
• Managing, owning and coordinating the technical resolution of incidents, either remotely or on-site, utilising Field Engineering resources.
• Actioning P1 or major incident escalations right away.
• Planning, coordinating and implementing complex network changes within customer-specified change windows, adhering to a predefined ITIL change management framework. This includes liaising with the customer, third-party suppliers, vendors and partners to ensure minimal disruption to the customer's day-to-day business operations and the provision of a seamless, coordinated delivery of services.
• Maintaining detailed knowledge of the clients' environment(s), where applicable, by maintaining and updating relevant documentation such as diagrams and configuration databases, along with process and procedural documentation.
• Escalating issues affecting delivery of service to management.
• Mentoring team members, guiding them to grow in their roles, and providing technical escalation support.
• Deep knowledge of cybersecurity concepts, technologies, and best practices is essential. This includes an understanding of threat intelligence, network security, incident response, log analysis, vulnerability management, and security monitoring tools.
• Good consulting experience, including leading and engaging in client cyber security discussions and audit reviews.
• Experience working in a Security Operations Centre and in network security operations.
• Hands-on experience administering and managing SIEM platforms such as Palo Alto XSIAM, Splunk, Microsoft Sentinel, etc.
• Hands-on experience administering and managing vulnerability management solutions such as Qualys, Tenable, etc., and attack surface management tools.
• Hands-on experience administering and managing SOAR platforms such as Palo Alto Cortex XSOAR or other SOAR solutions.
• Hands-on experience analysing logs/events from SIEM solutions, Wireshark and other infrastructure.
• Expertise in writing and interpreting queries in SPL (Splunk), KQL (Sentinel) and XQL (Palo Alto XSIAM).
• Experience in managing security incident detection and response, with threat hunting capability and knowledge of the MITRE ATT&CK, NIST, FAIR and Cyber Kill Chain security frameworks.
• Experience in triaging threat feeds and working towards mitigation exercises.
• Experience in reviewing vulnerability and product bug reports and relating their impact to clients' environments.
• Creating custom dashboards based on the client's security landscape on the client's SIEM and cyber security intelligence products.
• Ability to filter through false positives quickly and focus on true positives.
• Risk assessment and management: Understanding of risk assessment methodologies and frameworks, such as NIST 800-30 or ISO 31000, to assess and manage cybersecurity risks effectively.
• Experience with various security monitoring and analysis tools such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention System), EDR (Endpoint Detection and Response), and network traffic analysis tools.
• A demonstrated genuine interest in and passion for cybersecurity is a must.
• Working knowledge of security operations environments and security incident management and response handling.
• Certification: Splunk Core Certified Power User (SCCPU), Qualys.
• Relevant certifications such as CISSP (Certified Information Systems Security Professional), GSEC, GCIH (GIAC Certified Incident Handler), GCIA (GIAC Certified Intrusion Analyst), or other industry-recognised certifications are advantageous and demonstrate expertise.
• Exposure to cyber security Governance, Risk and Compliance (GRC) and experience in providing innovative solutions to complex cybersecurity problems.
• Strong organisational skills and the ability to prioritise multiple complex tasks.
• Ability to work effectively under pressure.
• Excellent verbal and written communication skills are essential to influence both technical and non-technical audiences.
Required Experience:
• Extensive experience: 10+ years of overall experience in the technology/information security industry
• Prior experience working in a SOC/CSIRT for at least 8 years
• Good hands-on experience with Splunk, creating search rules and dashboards
• Tertiary qualifications, or a passionate ethical hacker
• Experience using End Point Protection products and tools.
• Experience with Enterprise Detection & Response software
• Experience in managing large customers with multiple sites
• Strong team player
• Ability to work in a challenging and constantly changing environment
• Display a willingness to persevere with difficult tasks
• Demonstrate resourcefulness and sound judgment
• Strong customer service focus with an understanding of client expectations
• Strong verbal and written communication, along with good interpersonal skills
• Demonstration of NTT's core values of Proactivity, Teamwork, Professional Excellence, Partnership, and Personal Commitment.
• High level of initiative, accountability, attention to detail and ability to follow process.
Workplace type:
On-site Working
About NTT DATA
NTT DATA is a $30+ billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world’s leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services. Our consulting and industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is part of NTT Group, which invests over $3 billion each year in R&D.
Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.
Third parties fraudulently posing as NTT DATA recruiters
NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters—whether in writing or by phone—in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an @nttdata.com email address. If you suspect any fraudulent activity, please contact us.
NTT DATA Melbourne, Victoria, AUS Office
Melbourne, Australia