Cybersecurity Incident Responder

About The Position

Requirements

• Minimum 7 years’ of professional experience
• Minimum 4 years’ of experience in cybersecurity, help desk, system administration, SOC, or IR.
• Minimum 1 year of experience in Incident Response lifecycle (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned)
• Minimum 1 year of experience in Email phishing investigations
• Minimum 1 year of experience with one or more: Splunk and Elastic for Cloud, Endpoint Detection & Response (EDR) tools, Antivirus platforms, Vulnerability scanners (ACAS), ServiceNow, Remedy or similar ticketing systems
• DoD 8570/8140 certification: CompTIA Security+ CE
• Top Secret Security Clearance, SCI eligible.

Nice To Haves

• Malware basics
• Networking fundamentals (IP, DNS, ports, protocols)
• Experience supporting enterprise IT environment
• Certification in one of: CySA+, CASP+, GIAC (GCIH, GCFA, etc.)

Responsibilities

• Detecting, analyzing, containing, eradicating, and recovering from cybersecurity incidents across enterprise, endpoint, network, and cloud environments.
• Responding to malicious activity, suspicious events, policy violations, malware infections, spillages, and other reportable cyber incidents.
• Conducting investigations and responding to cybersecurity alerts and confirmed incidents across enterprise networks and cloud platforms such as AWS, Microsoft Azure, and Google Cloud.
• Executing containment actions on compromised systems or accounts.
• Supporting eradication and recovery efforts.
• Documenting all response activities through incident closure.
• Analyzing malware infections and responding to indicators of ransomware, trojans, spyware, and unauthorized software.
• Coordinating host containment and remediation actions such as antivirus or EDR scanning, reimaging, and evidence preservation when necessary.
• Handling or assisting with DoD and federal incident categories, including CAT 1, 2, 4, 7, and CAT 5 spillage events.
• Understanding appropriate escalation procedures and reporting timelines.
• Managing spillage and data-loss events by containing and sanitizing affected systems, coordinating reporting and remediation.
• Supporting insider-threat or data-exfiltration investigations as required.
• Conducting continuous monitoring by reviewing SIEM alerts, logs, endpoint notifications, and user reports.
• Utilizing tools such as Trellix ESS, Splunk ES, Splunk SOAR, MAR/HX, NSM, Varonis, IDS, Stealthwatch, Cylance, and ForeScout to correlate data and determine incident scope and impact.
• Creating accurate incident tickets, detailed timelines, after-action reports.
• Maintaining evidence and chain-of-custody records.
• Briefing leadership or management as needed.

Benefits

• We are committed to accelerating client success and positively impacting society through responsible innovation.
• We are one of the world's leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services.
• our consulting and Industry solutions help organizations and society move confidently and sustainably into the digital future.
• As a Global Top Employer, we have experts in more than 50 countries.
• We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners.
• NTT DATA is a part of NTT Group, which invests over $3 billion each year in R&D.
• Whenever possible, we hire locally to NTT DATA offices or client sites.
• This ensures we can provide timely and effective support tailored to each client’s needs.
• While many positions offer remote or hybrid work options, these arrangements are subject to change based on client requirements.
• For employees near an NTT DATA office or client site, in-office attendance may be required for meetings or events, depending on business needs.
• At NTT DATA, we are committed to staying flexible and meeting the evolving needs of both our clients and employees.
• NTT DATA recruiters will never ask for payment or banking information and will only use @nttdata.com, @nttdatafed.com and @talent.nttdataservices.com email addresses.
• If you are requested to provide payment or disclose banking information, please submit a contact us form, https://us.nttdata.com/en/contact-us.
• NTT DATA endeavors to make https://us.nttdata.com accessible to any and all users.
• If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at https://us.nttdata.com/en/contact-us.
• This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.
• NTT DATA is an equal opportunity employer.
• Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
• For our EEO Policy Statement, please click here.
• If you'd like more information on your EEO rights under the law, please click here.
• For Pay Transparency information, please click here.