Make an impact with NTT DATA

Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion: it is a place where you can grow, belong and thrive.

The NTT Cyber Security Incident Response (CSIR) team is essential in providing an orchestrated and rapid security incident response capability, with oversight of security incident response across the wider NTT Managed Security Services client base. The CSIR team uses a range of security technologies to identify alerts and to prioritise and investigate security issues in a fast-paced environment, while maintaining communication with internal and client stakeholders.

As a CSIR engineer, a major part of the role is to act as a SIEM consultant who provides expertise and guidance to organisations in setting up, managing and improving their SOC capabilities. The day may begin by reviewing dashboards and reports from the previous day or shift, including checking for new threats and identifying malware that may have infiltrated a system. You will also be required to participate in a shift roster, which may comprise business hours and after hours.

Responsibilities

Assessing SIEM maturity: evaluating an organisation's existing SIEM setup and capabilities to identify strengths, weaknesses and areas for improvement.
Developing or refining the SIEM infrastructure: the architecture, tools, processes and workflows of a SOC, to ensure effective and efficient detection, analysis and response to security incidents.
Implementing security technologies when necessary: assessing, selecting and implementing security technologies such as SIEM and SOAR systems, intrusion detection systems, threat intelligence platforms and incident response tools.
Supporting the security management lifecycle, including monitoring, investigation, research, correlation, trend analysis, remediation and SIEM configuration.
Developing security policies and procedures: assisting in developing, documenting and maintaining SOC standard operating procedures (SOPs), incident response plans, playbooks and other security policies to ensure consistent and effective operations.
Actively participating in process improvement with other team members and the wider team.
Incident analysis and response: assisting SOC analysts by providing guidance and support in analysing security events, investigating incidents and responding to cyber threats and attacks.
Process improvement and optimisation: continuously improving and optimising SOC processes, workflows and tools to enhance efficiency, accuracy and effectiveness in threat detection and response.
Threat intelligence analysis: collaborating with other teams or external threat intelligence providers to gather, analyse and interpret threat intelligence, identify emerging threats and implement proactive measures.
Researching and recommending mitigation strategies for current and future threats relevant to the clients' environments.
Compliance and regulatory requirements: ensuring that SOC operations align with applicable standards, regulations and best practices, such as ISO 27001, NIST, PCI DSS or industry-specific compliance requirements.
Incident reporting and communication: preparing reports and communicating security incidents, vulnerabilities and findings to stakeholders, management and internal or external auditors as necessary.
Collaborating with internal teams: working closely with other teams, such as network and system administrators, to ensure proper integration and coordination of security monitoring tools and systems.
Managing stakeholder expectations and assisting in reducing the impact of a cybersecurity event or incident.
Providing proactive, constant and clear communication on the status of incident and problem resolution between the client, NTT and any other third-party supplier or vendor.
Providing remote technical support and escalation within Managed Services' ITIL-aligned service delivery processes, including incident management, problem management, configuration management, change management and release management.
Managing, owning and coordinating the technical resolution of incidents, either remotely or on site using field engineering resources.
Actioning P1 or major incident escalations immediately.
Planning, coordinating and implementing complex network changes within customer-specified change windows, adhering to a predefined ITIL change management framework.
Maintaining detailed knowledge of the clients' environments by maintaining and updating relevant documentation such as diagrams, configuration databases and procedural documentation.
Escalating issues affecting delivery of service to management; mentoring team members, guiding them to grow in their roles and providing technical escalation support.

Required Skills

Hands-on experience administering and managing SIEM platforms such as Palo Alto XSIAM, Splunk and Microsoft Sentinel.
Hands-on experience analysing logs and events from SIEM solutions, Wireshark and other infrastructure.
Deep knowledge of cybersecurity concepts, technologies and best practices, including threat intelligence, network security, incident response, log analysis, vulnerability management and security monitoring tools.
Experience working in a security operations centre and in network security operations.
Hands-on experience administering and managing vulnerability management solutions such as Qualys and Tenable.
Hands-on experience administering and managing SOAR solutions such as Palo Alto Cortex XSOAR.
Expertise in writing and interpreting the query languages SPL, KQL and XQL.
Creating custom dashboards based on the client's security landscape.
Experience managing security incident detection and response and threat hunting, and knowledge of the MITRE ATT&CK, NIST, FAIR and cyber kill chain frameworks.
Experience triaging threat feeds and working toward mitigation exercises.
Experience reviewing vulnerability and product bug reports and relating their impact to the clients' environments.
Ability to filter out false positives quickly and focus on true positives.
Risk assessment and management: understanding of risk assessment methodologies and frameworks such as NIST 800-30 or ISO 31000.
Experience with security monitoring and analysis tools such as SIEM, IDS/IPS, EDR and network traffic analysis tools.

Desirable Skills

Demonstrated genuine interest in and passion for cybersecurity.
Working knowledge of security operations environments and of incident management and response handling.
Certifications such as Splunk Core Certified Power User (SCCPU), Qualys, CISSP, GSEC, GCIH, GCIA or other industry-recognised certifications.
Exposure to cybersecurity governance, risk and compliance (GRC) and experience in providing innovative solutions to complex cybersecurity problems.
Strong organisational skills and the ability to prioritise multiple complex tasks.
Ability to work effectively under pressure.
Excellent verbal and written communication skills, able to influence both technical and non-technical audiences.

Required Experience

Extensive experience (10+ years) in the information technology security industry.
Prior experience working in a SOC/CSIRT for at least 8 years.
Good hands-on experience with Splunk solutions, creating search rules and dashboards.
Tertiary qualifications or a passion for ethical hacking.
Experience using endpoint protection products and tools.
Experience with enterprise detection and response software.
Experience managing large customers with multiple sites.
Strong team player with the ability to work in a challenging, constantly changing environment.
Willingness to persevere with difficult tasks and to demonstrate resourcefulness and sound judgement.
Strong customer service focus and the ability to understand client expectations.
Strong verbal and written communication along with good interpersonal skills.
High level of initiative, accountability, attention to detail and adherence to process.

Workplace Type

Hybrid Working

Equal Opportunity Employer

NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status or any other protected category.
Principal Cybersecurity Incident Analyst
NTT DATA, INC.
City of Melbourne
Published 4 days ago