Cybersecurity Incident Response Engineer – L2
Cybersecurity Incident Response Engineer – L2 (March 2024)
Bangalore
Mar 28, 2026
About Cybersecurity Incident Response Engineer – L2

  Want to be a part of our team?

  The MS Engineer (L2) is responsible for providing a managed service to clients to ensure that their IT infrastructure and systems remain operational. By proactively monitoring, identifying, investigating and resolving technical incidents and problems, the MS Engineer (L2) restores service to clients. Their primary objective is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching the service level agreement (SLA). The MS Engineer (L2) focuses on second-line support for incidents and requests of medium complexity.

  Radford reference:

  "Performs IT functions such as design, analysis, evaluation, testing, debugging and implementation of applications programs supporting the company infrastructure business processes and operations and/or network-based (cloud) product systems. Analyzes, installs, acquires, modifies and supports operating systems, database or utilities software. Plans, conducts and directs the analysis of business problems with automated systems solutions. Analyzes, designs, acquires and implements projects for LAN and/or WAN systems. Plans, designs, acquires and implements telecommunications voice/wire systems. At higher job levels, may contribute to the development, testing, evaluation or design of system or infrastructure architecture used throughout the IT solution set."

  Working at NTT

  Job Profile Summary

  The Cyber Security Incident Response (CSIR) team is essential in providing an orchestrated and rapid security incident response capability, with oversight of security incident response across the wider NTT Managed Security Services client base. The CSIR team uses various security technologies to identify alerts and to prioritise and investigate security issues in a fast-paced environment, while maintaining communication with internal and client stakeholders.

  For a CSIR engineer, the typical day can vary greatly depending on the specific position. They may begin the day by reviewing dashboards and reports from the previous day or shift, checking for new threats and identifying malware that may have infiltrated client systems. They also prepare for and respond to system breaches or attacks. These processes differ between Clients, but they generally include responding to intrusions or network weaknesses and working to prevent new ones.

  You will also be required to participate in a shift roster, which may comprise business-hours and after-hours shifts.

  Primary Skill Set - SOC - Splunk, Qualys, SIEM

  Your key responsibilities will include but are not limited to:

  Manage day-to-day operations of reviewing SIEM alerts and the output of vulnerability management tools. Ensure that all environments within the Client's estate have adequate scans and assessments performed.

  Research and recommend mitigation strategies for current and future threats relevant to the Client's environment.

  Participate in security incident response process when required.

  Support the Security Management Lifecycle including:

  Real-time Monitoring

  Incident investigation.

  Research.

  Correlation.

  Trending.

  Remediation.

  Set up and configure the SIEM, including data analysis, rule creation, establishing thresholds and reference lists, and related duties.

  Set up, investigate and perform advanced troubleshooting of log transport agents.

  Work with Client technology owners and platform leads to ensure vulnerabilities and issues are patched and remediated on time.

  Oversee the implementation and management of operational security reporting activities.

  Meet regularly with the internal team to review security reports, status, risks, issues, incidents and outstanding activities.

  Perform vulnerability management, malware analysis and threat hunting, and assist in forensic analysis.

  Manage stakeholder expectations and assist in reducing the impact of a cybersecurity event or incident.

  Contribute to maintaining the knowledge base and playbooks by updating procedural documentation. Actively participate in process improvement with other team members and the wider team.

  Maintain detailed knowledge of the clients’ environment(s), where applicable, by maintaining and updating relevant documentation.

  Provide proactive, constant and clear communication on the status of incident/problem resolution between the client, NTT and any other third-party suppliers and vendors.

  Perform post-mortem analysis of logs, network traffic flows and other recorded information to identify intrusions by unauthorised parties, as well as unauthorised activity by authorised users.

  Manage the prevention and resolution of security breaches and ensure that the required incident and problem management processes are initiated to ensure compliance with policy.

  Present security breach findings to the business and advise on new measures required to prevent recurrence of similar breaches.

  What would make you a good fit for this role? (Mandatory skills)

  Experience working in a Security Operations Centre.

  Demonstrated genuine interest in and passion for cybersecurity and incident problem solving is a must.

  Working knowledge of security operations environments and security incident management & response handling.

  Hands-on experience managing Splunk or other SIEM logging solutions such as Microsoft Sentinel, ArcSight or LogRhythm.

  Hands-on knowledge of creating use cases within a SIEM solution, including advanced correlation rules.

  Creating custom dashboards based on the client's security landscape.

  Ability to filter through false positives quickly and focus on true positives.

  Analyse and fine-tune SIEM rules/policies on a regular basis.

  Hands-on experience analysing SIEM alert payloads to detect malicious activity.

  Hands-on experience managing vulnerability management solutions such as Qualys and Tenable.

  Hands-on experience analysing logs/events from the SIEM solution and other infrastructure.

  Expertise in interpreting and querying Wireshark captures.

  Experience managing security incident detection and response, and threat hunting capability with knowledge of the Kill Chain methodology.

  Experience triaging threat feeds and working towards mitigation.

  Experience reviewing vulnerability and product bug reports and relating their impact to the Client's environment.

  Good understanding of digital forensics concepts and the processes followed therein.

  Operational knowledge of security compliance tools such as AlgoSec, FireMon, Skybox or Tufin.

  Previous experience working on firewalls from Palo Alto, Check Point and Cisco, web security solutions, and endpoint security solutions such as McAfee, Symantec, Trend Micro and FireEye.
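  The SIEM duties listed above (rule creation with thresholds and reference lists, and tuning out false positives) are easiest to understand in code. The following is an added illustration, not NTT's code and not a Splunk artifact: it implements a threshold correlation rule (N failed logins from one source within a sliding window, followed by a successful login) over constructed syslog-style events, and uses a reference list of authorised scanner addresses to suppress a known false-positive source. The log format, addresses, usernames and the allowlist are all constructed for the example.

```python
"""Threshold-and-reference-list correlation over constructed auth events.

Added example for the SIEM rule-creation and false-positive tuning duties
in this posting; it is not NTT's code and not a Splunk search.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a simple syslog-like shape (not real data).
SAMPLE_LOG = """\
2024-03-01T09:00:01Z sshd: Failed password for alice from 203.0.113.10
2024-03-01T09:00:05Z sshd: Failed password for alice from 203.0.113.10
2024-03-01T09:00:09Z sshd: Failed password for alice from 203.0.113.10
2024-03-01T09:00:14Z sshd: Failed password for alice from 203.0.113.10
2024-03-01T09:00:20Z sshd: Failed password for alice from 203.0.113.10
2024-03-01T09:00:31Z sshd: Accepted password for alice from 203.0.113.10
2024-03-01T09:05:00Z sshd: Failed password for bob from 198.51.100.7
2024-03-01T09:05:02Z sshd: Failed password for bob from 198.51.100.7
2024-03-01T09:05:04Z sshd: Failed password for bob from 198.51.100.7
2024-03-01T09:05:06Z sshd: Failed password for bob from 198.51.100.7
2024-03-01T09:05:08Z sshd: Failed password for bob from 198.51.100.7
2024-03-01T09:05:10Z sshd: Accepted password for bob from 198.51.100.7
2024-03-01T10:00:00Z sshd: Failed password for carol from 192.0.2.44
2024-03-01T10:40:00Z sshd: Failed password for carol from 192.0.2.44
2024-03-01T10:41:00Z sshd: Accepted password for carol from 192.0.2.44
"""

# Reference list (constructed): an authorised vulnerability scanner that
# legitimately produces failed logins. In a SIEM this would be a lookup.
SCANNER_ALLOWLIST = frozenset({"198.51.100.7"})

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse_events(text):
    """Parse log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "outcome": m["outcome"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def correlate(events, threshold=5, window=timedelta(minutes=10),
              allowlist=frozenset()):
    """Alert when a source accumulates >= threshold failures inside `window`
    and then authenticates successfully. Sources on the reference list are
    dropped before counting (the tuned-out false positive). Events are
    expected in time order, as a SIEM delivers them."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerts = []
    for ev in events:
        if ev["src"] in allowlist:
            continue
        q = failures[ev["src"]]
        # Expire failures that have fallen out of the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({
                "rule": "brute_force_then_success",
                "src": ev["src"],
                "user": ev["user"],
                "failures_in_window": len(q),
                "ts": ev["ts"].isoformat(),
            })
            q.clear()   # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_events(SAMPLE_LOG),
                           allowlist=SCANNER_ALLOWLIST):
        print(alert)
```

  Run as-is it produces one alert, for alice from 203.0.113.10: bob's identical burst from the scanner address is suppressed by the reference list, and carol's two failures are 40 minutes apart, so the first has expired from the window before the second arrives. Removing the allowlist argument produces the second alert for bob, which is exactly the false positive the rule-tuning duty is about. In a production SIEM the same logic is a count-per-source over a time bucket compared against a threshold, with the allowlist held as a lookup table rather than a constant.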

  Desirable skills

  Experience in managing Palo Alto Cortex XSOAR or other SOAR solutions is a plus.

  Certification - SANS GSEC, Splunk Core Certified Power User (SCCPU), Qualys.

  Experience with XDR or EDR solutions such as Carbon Black, CrowdStrike, FireEye or Palo Alto Cortex XDR.

  Windows / Linux skills and experience with scripting/programming, especially Python.

  Proficiency in analytics technologies such as Elasticsearch and Power BI, and with JSON data.

  Exposure to cybersecurity Governance, Risk and Compliance (GRC) and experience in providing innovative solutions to complex cybersecurity problems.

  Strong organisational skills & the ability to prioritise multiple complex tasks.

  Ability to work effectively under pressure.

  Excellent verbal and written communication skills are essential to influence both technical and non-technical audiences.

  Academic Qualifications and Certifications:

  Degree / Certifications

  SANS GIAC Security Essentials (GSEC) or equivalent

  SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent

  SANS GIAC Certified Incident Handler (GCIH) or equivalent

  Industry Certifications: CISSP, CISM, CISA, CEH, CHFI

  Information Technology / ITILSM / ICT Security / ITIL v4.

  Required Experience:

  Extensive experience in a Technology Information Security Industry

  Prior experience working in a SOC/CSIRT for at least 3 - 6 years

  Good hands-on experience with SIEM, mainly Splunk.

  Good hands-on experience with vulnerability management tools.

  Tertiary qualifications or a passionate ethical hacker.

  Experience using endpoint protection software.

  Experience with Enterprise Detection & Response software.

  Knowledge of malware analysis, hacking techniques, latest vulnerabilities, and security trends.

  Preferably an interest in, knowledge of, or experience with SIEM and IPS technologies.

  Knowledge of network technologies including routers, switches, firewalls.

  Skills Summary

  Cisco Routers and Switches, Data Networking, IP Routing, Local Area Network (LAN), Routing Protocols, Wireless Local Area Network (WLAN), Wireless Networks


  Equal Opportunity Employer

  NTT is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, sex, religion, national origin, disability, pregnancy, marital status, sexual orientation, gender reassignment, veteran status or any other protected category.

  Is innovation part of your DNA? Do you want to enable a connected future for people, organizations, and society?

  Join our growing global NTT family and you’ll be part of the world’s largest ICT company (by revenue). We’ve combined the capabilities of 28 remarkable companies to become one, leading technology services provider. Together, we help our people, clients, and communities do great things with technology to create a more secure and connected future.

  We employ 40,000 people across 57 countries. By bringing together the world’s best technology companies and emerging innovators, we work together to deliver sustainable outcomes to businesses and the world. Innovation is part of our DNA. We believe it’s key to what makes us different. So, we strive to move forward, challenge the status quo, and drive excellence through the technologies we integrate and the services we deliver around the world. The result is connected cities, connected factories, connected healthcare, connected agriculture, connected conservation, connected mobility, and connected sport. Together we enable the connected future.

  You’ll be joining a global employer that is committed to attracting, growing and keeping the best talent. A place where you will be at the heart of our success!
