NTT DATA - Addison, TX
posted about 2 months ago
Full-time - Mid Level
Hybrid - Addison, TX
10,001+ employees
Professional, Scientific, and Technical Services
About the position
The Cyber Security Specialist (Proxy Firewalls, and IPS/IDS) role at NTT DATA involves proactive management of IT security to mitigate the impact of security incidents. The successful candidate will engage in security monitoring, event analysis, and countermeasure proposals, working within a hybrid environment that requires a minimum of three days in the office. This position is critical in leading threat hunting efforts and collaborating with various teams to enhance the organization's security posture.
Responsibilities
- Leads the Cyber Threat Hunt function with SOC Analysts, Incident Responders and Threat Managers
- Conduct threat hunting and analysis using various toolsets based on intelligence gathered
- Actively hunt for Indicators of Compromise (IOC) and APT Tactics, Techniques, and Procedures (TTP) in the network and in the host as necessary
- Search network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns, and hunt for Advanced Persistent Threats (APT)
- Create detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate team
- Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture
- Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs
- Provides guidance to contracted subordinates within the latitude of established policies
- Recommends changes to policies and establishes procedures that affect immediate organization(s)
- Methodically examine all collected windows/linux host data for evidence of intrusion, malware, or unauthorized activity
- Directly support the provide incident response support for critical security incidents as they arise
- Familiarity with offensive strategies and assessment methodology
- Work/Assist SIEM Admin team to create new use cases and provide them with all the required details
- Ability to perform general office requirements
- Must be able to perform essential responsibilities with or without reasonable accommodations
Requirements
- 8+ years overall of Cyber Security -Related experience
- 6+ years of SIEM, or SOC experience (ideally Securonix and/or similar Splunk)
- Azure Defender experience is required
- Must have Endpoint Detection Response (EDR) Tool knowledge and experience (ie. Darktrace, CrowdStrike, Carbon Black, and/or Sentinel One, etc)
- Must have experience conducting in-depth forensic analytical studies and/or investigations
- Must have client facing/ customer service and support experience
Nice-to-haves
- KQL Experience is highly preferred
- Strong communication, written, and verbal skills
- Experience with writing/creation of formal documentation such as reports, slide decks, and architecture diagrams
- Bachelor's degree in related filed, to include computer science, or equivalent combination of education and experience
