NTT DATA - Addison, TX
posted about 2 months ago
Full-time - Senior
Hybrid - Addison, TX
10,001+ employees
Professional, Scientific, and Technical Services
About the position
The Cyber Security Specialist (Proxy Firewalls, and IPS/IDS) role at NTT DATA involves proactive management of IT security to mitigate the impact of security incidents and system compromises. The successful candidate will lead threat hunting activities, conduct security monitoring, and provide analysis and countermeasure proposals. This hybrid position requires a minimum of three days in the office and involves shift work during US business hours, with potential after-hours responsibilities.
Responsibilities
- Lead the Cyber Threat Hunt function with SOC Analysts, Incident Responders, and Threat Managers.
- Conduct threat hunting and analysis using various toolsets based on intelligence gathered.
- Actively hunt for Indicators of Compromise (IOC) and APT Tactics, Techniques, and Procedures (TTP) in the network and host.
- Search network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns and hunt for Advanced Persistent Threats (APT).
- Create detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate team.
- Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture.
- Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs.
- Provide guidance to contracted subordinates within the latitude of established policies.
- Recommend changes to policies and establish procedures that affect immediate organization(s).
- Methodically examine all collected windows/linux host data for evidence of intrusion, malware, or unauthorized activity.
- Directly support incident response for critical security incidents as they arise.
- Familiarity with offensive strategies and assessment methodology.
- Work/Assist SIEM Admin team to create new use cases and provide them with all the required details.
Requirements
- 8+ years overall of Cyber Security-related experience.
- 6+ years of SIEM or SOC experience (ideally Securonix and/or similar Splunk).
- Azure Defender experience is required.
- Must have Endpoint Detection Response (EDR) Tool knowledge and experience (e.g., Darktrace, CrowdStrike, Carbon Black, and/or Sentinel One).
- Must have experience conducting in-depth forensic analytical studies and/or investigations.
- Must have client-facing/customer service and support experience.
Nice-to-haves
- KQL Experience is highly preferred.
- Strong communication, written, and verbal skills.
- Experience with writing/creation of formal documentation such as reports, slide decks, and architecture diagrams.
- Bachelor's degree in a related field, including computer science, or equivalent combination of education and experience.
Benefits
- Health insurance
- 401k
- Paid holidays
- Flexible scheduling
- Professional development opportunities
