Information Security Incident Response Analyst
NTT India
Mumbai/Bombay
Not disclosed
Job Details
Job Description
Information Security Incident Response Analyst
The Information Security Incident Response Analyst detects and monitors threats and suspicious activity affecting NTT's technology domain. This individual provides an escalation path for Associate and Senior Associate Analysts on high-risk incident workflows. The position contributes to the delivery of security measures through analytics and threat hunting, and takes part in a variety of real-time threat analysis activities.

Key Roles and Responsibilities:
Perform weekly threat hunting activities.
Participate in the review of current configurations of NTT Ltd production information systems and networks against compliance standards.
Offer technical support by processing security alerts, events and notifications (e.g. via email, ticketing, virus warnings, intelligence feeds, workflow).
Engage with internal and/or external teams according to agreed alert priority levels and escalation trees.
Monitor for suspicious events, investigate, and escalate where applicable.
Prioritise threat analysis based on the risk associated with each threat, and work with the appropriate teams to ensure related communications are in line with company best practice and recommendations.
Act as a subject matter expert for the Computer Incident Response Team (CIRT).
Tie third-party attack monitoring and threat reporting services into internal CIRT communication systems.
Alert CIRT team members to what is coming and what preparations to undertake before NTT Ltd production systems are damaged.
Regularly review the current configurations of NTT Ltd production information systems and networks.
Work on strategic custom software projects that analyse the large volumes of log, audit trail and other recorded activity information that modern systems produce.
Participate in the design of automated scripts, contingency plans and other programmed responses that are launched when an attack against NTT Ltd systems is detected.
Work on strategic projects and support the work of others related to middleware and other system integration tools.
Collaborate with Information Security Architects, Information Security DevOps and others who are building and modifying software and hardware for NTT Ltd.
Fine-tune the existing security monitoring systems so that false positives and false negatives are minimised.
Build, update and maintain a separate computer lab for intrusion-detection-related information security appliances.
Participate in product evaluations of information security monitoring systems under serious consideration for use on NTT Ltd production information systems.
Perform post-mortem analysis of logs, network traffic flows and other recorded information to identify intrusions by unauthorised parties, as well as unauthorised activities by authorised users.
Manage the prevention and resolution of security breaches and ensure that the required incident and problem management processes are initiated to ensure compliance with policy.
Present security breach findings to the business and advise on new measures required to prevent recurrence of similar breaches.
Review incident and problem management reports to identify potential security weaknesses, perform impact and risk analysis, develop recommendations for highlighted risks, and ensure that these risks and solutions are presented to the relevant stakeholders.
Ensure that security service audit schedules are implemented and agreed with the business.
Review access authorisation for compliance with policy, administrative security controls for effectiveness, and security on the operational systems, and verify that security monitoring is working.
Knowledge, Skills and Attributes:
Demonstrable knowledge of information security management and policies.
Understanding of complex inter-relationships in an overall system or process.
Sound knowledge of technological advances within the information security arena.
Analytical thinking and a proactive approach.
Consistent client focus and orientation.
An up-to-date understanding of current and emerging threats, vulnerabilities and trends.
Understanding of malware forensics, network forensics and computer forensics is highly desirable.
Ability to statically and dynamically analyse malware to determine its target and intention.
Ability to uncover and document the tools, techniques and procedures used by cyber adversaries in attacking managed infrastructure.
Academic Qualifications and Certifications:
Relevant degree.
SANS GIAC Security Essentials (GSEC) or equivalent.
SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent.
SANS GIAC Certified Incident Handler (GCIH) or equivalent.
Industry certifications: CISSP, CISM, CISA, CEH, CHFI.
Information Technology / ITILSM / ICT Security / ITIL v3.

Required Experience:
Moderate experience in the technology information security industry.
Prior experience working in a SOC/CSIRT.
Comprehension and practical knowledge of the Cyber Kill Chain.
Strong knowledge of the tactics, techniques and procedures (TTPs) used by threat actors.
Practical knowledge of indicators of compromise (IOCs).
Experience with endpoint protection and Endpoint Detection and Response (EDR) software.
Experience with, or at minimum an interest in and knowledge of, SIEM and IPS technologies.
Experience with Wireshark, tcpdump, REMnux and decoders for conducting payload analysis.
Knowledge of malware analysis, hacking techniques, the latest vulnerabilities and security trends.
Knowledge of network technologies including routers, switches and firewalls.
Job role
Work location
Mumbai
Department
IT & Information Security
Role / Category
IT Security
Employment type
Full Time
Shift
Day Shift
Job requirements
Experience
Min. 2 years
About company
Name
NTT India
Job posted by NTT India