NTT DATA, Inc.
Cyber Security Specialist (Proxy Firewalls, and IPS/IDS) - HYBRID - Addison, TX
NTT DATA, Inc., Addison, Texas, United States, 75001
Cyber Security Specialist (Proxy Firewalls, and IPS/IDS) - HYBRID - Addison, TX
Location:
Addison, TX, US Company:
NTT DATA Services NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Cyber Security Specialist (Proxy Firewalls, and IPS/IDS) - HYBRID - Addison, TX to join our team in Addison, Texas (US-TX), United States (US). The Threat Hunter, Advanced Security Analytics is a member of a team who proactively manages IT security on behalf of customers to reduce the impact of security incidents and system compromises. The successful candidate will provide security monitoring, level 2 and 3 event analysis, and countermeasure proposals. This position requires shift work in a 8/5 environment during US business hours and after-hours work may be required. Position’s Responsibilities: Leads the Cyber Threat Hunt function with SOC Analysts, Incident Responders and Threat Managers Conduct threat hunting and analysis using various toolsets based on intelligence gathered Actively hunt for Indicators of Compromise (IOC) and APT Tactics, Techniques, and Procedures (TTP) in the network and in the host as necessary Search network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns, and hunt for Advanced Persistent Threats (APT) Create detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate team Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs Provides guidance to contracted subordinates within the latitude of established policies Recommends changes to policies and establishes procedures that affect immediate organization(s) Methodically examine all collected windows/linux host data for evidence of intrusion, malware, or unauthorized activity Directly support the provide incident response support for critical security incidents as they arise Familiarity with offensive strategies and assessment methodology Work/Assist SIEM Admin team to create new use cases and provide them with all the required details Ability to perform general office requirements Must be able to perform essential responsibilities with or without reasonable accommodations The Expected Schedule for this Position is:
Monday- Friday, 8am - 5pm CST. The expectations is to work a minimum of 3 days in the office. (typically Tues, Wed, Thurs.'s). Being onsite at the client's location in Addison, TX is required. Role Requirements: 8+ years overall of Cyber Security -Related experience 6+ years of SIEM, or SOC experience (ideally Securonix and/or similar Splunk) Azure Defender experience is required Must have Endpoint Detection Response (EDR) Tool knowledge and experience ( ie. Darktrace, CrowdStrike, Carbon Black, and/or Sentinel One, etc) Must have experience conducting in-depth forensic analytical studies and/or investigations Must have client facing/ customer service and support experience Highly Preferred Qualifications: KQL Experience is highly preferred Strong communication, written, and verbal skills Experience with writing/creation of formal documentation such as reports, slide decks, and architecture diagrams Bachelor’s degree in related filed, to include computer science, or equivalent combination of education and experience
#J-18808-Ljbffr
Location:
Addison, TX, US Company:
NTT DATA Services NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Cyber Security Specialist (Proxy Firewalls, and IPS/IDS) - HYBRID - Addison, TX to join our team in Addison, Texas (US-TX), United States (US). The Threat Hunter, Advanced Security Analytics is a member of a team who proactively manages IT security on behalf of customers to reduce the impact of security incidents and system compromises. The successful candidate will provide security monitoring, level 2 and 3 event analysis, and countermeasure proposals. This position requires shift work in a 8/5 environment during US business hours and after-hours work may be required. Position’s Responsibilities: Leads the Cyber Threat Hunt function with SOC Analysts, Incident Responders and Threat Managers Conduct threat hunting and analysis using various toolsets based on intelligence gathered Actively hunt for Indicators of Compromise (IOC) and APT Tactics, Techniques, and Procedures (TTP) in the network and in the host as necessary Search network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns, and hunt for Advanced Persistent Threats (APT) Create detailed Incident Reports and contribute to lessons learned in collaboration with the appropriate team Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs Provides guidance to contracted subordinates within the latitude of established policies Recommends changes to policies and establishes procedures that affect immediate organization(s) Methodically examine all collected windows/linux host data for evidence of intrusion, malware, or unauthorized activity Directly support the provide incident response support for critical security incidents as they arise Familiarity with offensive strategies and assessment methodology Work/Assist SIEM Admin team to create new use cases and provide them with all the required details Ability to perform general office requirements Must be able to perform essential responsibilities with or without reasonable accommodations The Expected Schedule for this Position is:
Monday- Friday, 8am - 5pm CST. The expectations is to work a minimum of 3 days in the office. (typically Tues, Wed, Thurs.'s). Being onsite at the client's location in Addison, TX is required. Role Requirements: 8+ years overall of Cyber Security -Related experience 6+ years of SIEM, or SOC experience (ideally Securonix and/or similar Splunk) Azure Defender experience is required Must have Endpoint Detection Response (EDR) Tool knowledge and experience ( ie. Darktrace, CrowdStrike, Carbon Black, and/or Sentinel One, etc) Must have experience conducting in-depth forensic analytical studies and/or investigations Must have client facing/ customer service and support experience Highly Preferred Qualifications: KQL Experience is highly preferred Strong communication, written, and verbal skills Experience with writing/creation of formal documentation such as reports, slide decks, and architecture diagrams Bachelor’s degree in related filed, to include computer science, or equivalent combination of education and experience
#J-18808-Ljbffr