Posted: 1 day ago
Work from Office
Full Time
Your day at NTT DATA

The Senior Team Lead, Information Security is a developing management role, responsible for managing the Information Security Incident Response Management team. This role ensures their team is equipped and enabled to detect and monitor threats and suspicious activity affecting the organization's technology domain. This role serves as the escalation point for incident workflows and participates in the delivery of security measures through analytics and threat hunting processes. The Senior Team Lead, Information Security Incident Response manages a team of security professionals whilst fostering a collaborative and innovative team culture focused on operational excellence.

What you'll be doing

Key Responsibilities:
- Provides coaching and mentoring to a team whilst establishing and monitoring individual and team KPIs, ensuring that the team achieves business objectives and goals.
- Oversees the performance of weekly threat hunting activities.
- Oversees the review of current configurations of company production information systems and networks against compliance standards.
- Manages the team that provides technical support by ensuring that security alerts, events, and notifications are processed, for example via email, ticketing, virus warning, intelligence feeds, workflow, etc.
- Engages with internal and/or external teams according to agreed alert priority levels and escalation trees.
- Ensures that events are monitored for suspicious activity, investigated, and escalated where applicable.
- Ensures the prioritization of threat analysis based on the risks associated with each threat, and works with the appropriate teams to ensure related communications are in line with company best practice and recommendations.
- Works on strategic custom software projects that analyze the vast amount of log, audit trail, and other recorded activity information that modern systems record.
- Fine-tunes the existing security monitoring systems so that false positives and false negatives are minimized.
- Manages the prevention and resolution of security breaches and ensures that the required incident and problem management processes are initiated to ensure compliance with policy.
- Conducts presentations of security breach findings to the business and advises on new measures required to prevent recurrence of similar breaches.
- Reviews incident and problem management reports to identify potential security weaknesses and performs an impact and risk analysis, developing recommendations for highlighted risks and ensuring that these risks and solutions are presented to the relevant stakeholders.
- Ensures that security service audit schedules are implemented and agreed with the business.
- Reviews access authorization for compliance with policy, administration security controls for effectiveness, and security on the operational systems, and verifies that security monitoring is working.

Knowledge, Skills and Attributes:
- Ability to remain calm and focused during stressful situations.
- Ability to listen and adapt to changing situations.
- Ability to lead effectively by motivating their team(s) to perform better.
- Ability to recognize potential problems and take steps to fix the issues.
- Solid understanding of complex inter-relationships in an overall system or process.
- Solid knowledge of technological advances within the information security arena.
- Demonstrates analytical thinking and a proactive approach.
- Displays consistent client focus and orientation.
- Solid knowledge of information security management and policies.
- Solid understanding of current and emerging threats, vulnerabilities, and trends.
- Solid understanding of malware forensics, network forensics, and computer forensics also highly desirable.
- Ability to statically and dynamically analyze malware to determine target and intention.
- Ability to uncover and document tools, techniques, and procedures used by cyber adversaries in attacking managed infrastructure.
- Sound decision-making abilities with demonstrated teamwork and collaboration skills.
- Displays good planning and organizing ability.

Academic Qualifications and Certifications:
- Bachelor's degree or equivalent in Information Technology, Computer Science or related field.
- SANS GIAC Security Essentials (GSEC) or equivalent preferred.
- SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred.
- SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred.
- Industry certifications such as CISSP, CISM, CISA, CEH, CHFI preferred.
- Information Technology ITILSM ICT Security ITIL v3 preferred.

Required Experience:
- Solid experience in a Technology Information Security Industry.
- Solid experience working in a SOC/CSIR.
- Comprehension and practical knowledge of the Cyber Threat Kill Chains.
- Knowledge of Tools, Techniques and Processes (TTP) used by threat actors.
- Solid practical knowledge of indicators of compromise (IOCs).
- Solid experience with End Point Protection and Enterprise Detection and Response Software.
- Solid experience or knowledge of SIEM and IPS technologies.
- Solid experience with Wireshark, tcpdump, Remnux, and decoders for conducting payload analysis.
- Knowledge of malware analysis, hacking techniques, latest vulnerabilities, and security trends.
- Preferably an interest in, knowledge of, or experience with SIEM and IPS technologies.
- Moderate level of knowledge of network technologies including routers, switches, firewalls.
- Solid prior demonstrated experience managing and leading a team in a related field.
NTT DATA, Inc.