DFIR Consultant
7 days ago
At NTT we believe that by using innovative technology we can solve global challenges and create a world that is sustainable and secure. We are looking for curious people, from diverse backgrounds, that are keen to work in a fast-paced and agile environment.
At NTT we trust our employees to do the right thing, even when no one is watching, which is why we offer flexibility in the workplace. The majority of our roles are hybrid, meaning we encourage a balance of working from home and our local office. Ask our recruitment team if this is a hybrid role.
**Want to be a part of our team?**
The Digital Forensics & Incident Response (DFIR) Consultant will work within established Incident Response methodologies to perform a variety of related activities for NTT customers. This will include responding to cyber incidents, proactively hunting for adversaries in customer networks, and performing IR Readiness and Maturity Assessments. As such, they will be expected to work independently with little management oversight whilst responding to customer incidents. The DFIR Consultant will also be responsible for leading and working on projects that support tactical and strategic business objectives, such as Incident Response, Gap Analysis assessments and ASOC design engagements. The role requires demonstrated leadership abilities to provide a clear, professional approach to customer-facing engagements during the most trying and complex situations, such as a data breach, and clear and concise communication with a variety of stakeholders, from customer IT staff up to the C-suite. It also requires the ability to lead during a crisis, the personal agility to adapt to changing environments, a strong comprehension of malware and emerging threats, and the ability to demonstrate risks to the customer's business as the result of a breach.
NTT Security provide both first line IR services and extensive IR consultancy to large organisations where the development and maturity of customers' in-house IR capabilities is required. The consultant will be expected to work closely with other internal security teams such as ASOC and Penetration Testing. A solid understanding of real-life attacks is essential for the Consultant to provide high quality Incident Response services to our customers.
**Working at NTT**
**Key Roles and Responsibilities**:
- Lead and perform Incident Response engagements for customers, support presales engagements and provide subject matter expertise for presales calls and meetings.
- Proactively hunt for adversaries on customer networks utilising a variety of tools and techniques
- Responsible for Incident and Breach communications, assessments, and reports that may be both internal and customer facing, to include leadership and executive management for the purpose of enabling Senior Management to make decisions in a crisis situation.
- Understanding of different attacks and how best to design custom containment and remediation plans for customers
- Lead projects for Incident Response, ranging from simple, small engagements up to those for large multinational organisations.
- Develop and document processes to ensure consistent and scalable response operations
**Knowledge, Skills and Attributes**:
- Knowledge and understanding of IT industry environment and business needs
- Strong understanding of information technology and information security
- Excellent understanding of security operational processes and controls
- Service consulting aptitude, focusing on the business, service and sales aspects
- Excellent verbal and written communication skills
- Maintain up-to-date knowledge of security threats, countermeasures, security tools, and network technologies
- High level of drive and ability to work under pressure
- Proven experience with Incident Response, offensive security (penetration testing), as well as detection, networking and endpoint solutions, are all distinct advantages.
- Hands-on familiarity with IR toolsets and investigation techniques on both Windows and GNU/Linux operating systems
- Experience with enterprise level EDR and SIEM platforms.
- Collaborative attitude and able to serve as a liaison to different businesses and interface with fellow team members and colleagues on other security teams.
- Experience working within cyber defence for 3+ years and in Incident Response for at least 1 year
- IT Security related degree (or show practical experience).
- In-depth knowledge of operating systems - Windows & Linux, firewalls, HIDS/HIPS & IDS/IPS
- Experience with OSINT and threat intelligence gathering methods
- Excellent verbal, written and presentation skills
- Industry standard information security certification (CISSP, CISM etc.) or ability to sit and pass one of the relevant industry certification exams within 6 months.
- Deliver post event IR assessments and desktop/real life IR simulations at a technical and executive level
- Be able to guide, influence and provide thought leadership within incident response services
- Knowledge and e