SOC Manager

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive.

Your day at NTT DATA

The Manager, Information Security Incident Response is a management role, responsible for managing the Information Security Incident Response Management team. This role ensures their team is equipped and enabled to detect and monitor threats and suspicious activity affecting the organization's technology domain. This role serves as the escalation point for incidents workflows and participates in the delivery of security measures through analytics and threat hunting processes. The Senior Manager, Information Security Incident Response manages a team of security professionals whilst fostering a collaborative and innovative team culture focused on operational excellence.

What you'll be doing

Key Responsibilities:

• Provides coaching and mentoring to a team whilst establishing and monitoring individual and team KPIs ensuring that the team achieve business objectives and goals.
• Acts as the escalation point for incident workflows and oversees the performance of weekly threat hunting activities.
• Oversees the review of current configurations of company production information systems and networks against compliance standards.
• Manages the team who provides technical support by ensuring that security alerts, events, and notifications are processed. For example, via email, ticketing, virus warning, intelligence feeds, workflow, etc.
• Engages with internal and/or external teams according to agreed alert priority levels, and escalation trees and ensures the monitoring of events for suspicious events, investigation, and escalate where applicable.
• Ensures the prioritization of threat analysis based on risks associated with each threat and working with the appropriate teams to ensure related communications are in line with company best practice and recommendations.
• Ensures the team is equipped and enabled to act as a subject matter expert for the Computer Incident Response Team.
• Works on strategic custom software projects which analyzes the vast amount of log, audit trail, and other recorded activity information that modern systems record.
• Participates in the design of automated scripts, contingency plans, and other program responses which are launched when an attack against organizational systems has been detected.
• Works on strategic projects and supports the work of others related to middleware, and other system integration tools.
• Fine-tunes the existing security monitoring systems so that false positives and false negatives are minimized.
• Participates in product evaluations for those information security monitoring systems that are being seriously considered for use on organizational production information systems.
• Manages the prevention and resolution of security breaches and ensures that the required incident and problem management processes are initiated to ensure compliance to policy.
• Conducts presentations of the security breaches findings to the business and advise on new measures required to prevent reoccurrence of similar breaches.
• Reviews incident and problem management reports to identify potential security weaknesses and perform an impact and risk analysis, developing recommendations for highlighted risks, ensuring that these risks and solutions are presented to the relevant stakeholders.
• Ensures that security service audit schedules are implemented and agreed with the business.

Knowledge and Attributes:

• Ability to remain calm and focused during stressful situations.
• Ability to listen and adapt to changing situations.
• Ability to lead effectively by motivating their team(s) to perform better.
• Ability to recognize potential problems and take steps to fix the issues.
• Advanced understanding of complex inter-relationships in an overall system or process.
• Advanced knowledge of technological advances within the information security arena.
• Demonstrates analytical thinking and a proactive approach.
• Displays consistent client focus and orientation.
• Advanced knowledge of information security management and policies.
• Advanced understanding of current and emerging threats, vulnerabilities, and trends.
• Advanced understanding of malware forensics, network forensics, and computer forensics also highly desirable.
• Ability to statically and dynamically analyze malware to determine target and intention.
• Ability to uncover and document tools, techniques, procedures used by cyber adversaries in attacking managed infrastructure.
• Sound decision making abilities with demonstrate teamwork and collaboration skills.
• Displays good planning and organizing ability.

Academic Qualifications and Certifications:

• Bachelor’s degree or equivalent in Information Technology, Computer Science or related field.
• SANS GIAC Security Essentials (GSEC) or equivalent preferred.
• SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred.
• SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred.
• Industry Certifications such as CISSP, CISM, CISA, CEH, CHFI preferred.
• Information Technology / ITILSM / ICT Security / ITIL v3 preferred.

Required Experience:

• Advanced experience in a Technology Information Security Industry.
• Advanced prior experience working in a SOC/CSIR.
• Comprehension and practical knowledge of the “Cyber Threat Kill Chains”.
• Advanced knowledge of Tools, Techniques and Processes (TTP) used by threat actors.
• Advanced practical knowledge of “indicators of compromise” (IOC’s).
• Advanced experience with End Point Protection and Enterprise Detention and Response Software.
• Advanced experience or knowledge of SIEM and IPS technologies.
• Advanced experience with Wireshark, tcpdump, Remnux, decoders for conducting payload analysis.
• Knowledge of malware analysis, hacking techniques, latest vulnerabilities, and security trends.
• Preferably an interest, or knowledge of, or experience with SIEM and IPS technologies.
• Advanced knowledge of network technologies including routers, switches, firewalls
• Advanced prior demonstrated experience managing and leading a team in a related field.

Workplace type:

On-site Working

About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.