
Senior Digital Forensics & Incident Response Consultant (f/m/d)

Posted on: 29.01.2021
JOB DESCRIPTION

Position Summary
The Senior Digital Forensics & Incident Response (DFIR) Consultant will work within established Incident Response methodologies to perform a variety of related activities for NTT customers. This will include responding to cyber incidents, proactively hunting for adversaries in customer networks, and performing IR Readiness and Maturity Assessments. As such, they will be expected to work independently with little management oversight whilst responding to customer incidents. The Senior DFIR Consultant will also be responsible for leading and working on projects that support tactical and strategic business objectives, such as Incident Response, Gap Analysis assessments and other proactive DFIR engagements.



The role requires demonstrated leadership abilities and a clear, professional approach to customer-facing engagements during the most trying and complex situations, such as a data breach. The consultant must communicate clearly and concisely with a variety of stakeholders, from customer IT staff up to the C-suite. They must be able to lead during a crisis, show the personal agility to adapt to changing environments, and have a strong comprehension of malware and emerging threats, along with the ability to demonstrate the risks a breach poses to the customer's business.



NTT Security provides both first-line DFIR services and extensive IR consultancy to large organisations where the development and maturity of customers' in-house IR capabilities is required. The consultant will be expected to work closely with other internal security teams such as SOC and Penetration Testing. A solid understanding of real-life attacks is essential for the consultant to provide high-quality Incident Response services to our customers.


 


Key Accountabilities



  • Lead and perform Incident Response engagements for customers.

  • Support presales engagements and provide subject matter expertise for presales calls and meetings.

  • Proactively hunt for adversaries on customer networks utilising a variety of tools and techniques

  • Responsible for Incident and Breach communications, assessments, and reports that may be both internal and customer facing, to include leadership and executive management for the purpose of enabling Senior Management to make decisions in a crisis situation.

  • Understanding of different attacks and how best to design custom containment and remediation plans for customers

  • Lead projects for Incident Response, which can be simple small engagements up to large multinational organisations.

  • Develop and document processes to ensure consistent and scalable response operations

  • Demonstrate industry leadership through blog posts and public speaking at conferences and events as well as provide mentorship to more junior staff members.

  • Understand what sophisticated, real-world attacks look like and how to identify TTPs within log data, network traffic and forensic images of compromised assets.


 


Experience, Skills and Qualifications 



  • Proven experience with Incident Response, as well as with detection, networking and endpoint solutions, is mandatory.

  • Hands-on familiarity with IR toolsets and investigation techniques on both Windows and GNU/Linux operating systems.

  • Proven Forensic Analysis experience.

  • Malware Analysis skills (triage at a minimum, reverse engineering desired).

  • Experience with enterprise level EDR and SIEM platforms.

  • Collaborative attitude and able to serve as a liaison to different businesses and interface with fellow team members and colleagues on other security teams. 

  • 5+ years working within cyber defence, and in Incident Response for the last 2 years.

  • IT Security related degree (or show practical experience).

  • Hold a CREST or SANS certification (or other industry-related exam) in Incident Response (CREST Certified Incident Manager, CREST Certified Network or Host Intrusion Analyst, SANS GCIH, etc.), or be able to sit and pass one of the CREST Incident Response exams within 6 months.

  • In-depth knowledge of operating systems – Windows & Linux, firewalls, HIDS/HIPS & IDS/IPS

  • Experience with OSINT and threat intelligence gathering methods

  • Excellent verbal, written and presentation skills

  • Mandatory language skills: German and English (written and spoken). Additional French or another European language is highly desirable.

  • Deliver post-event IR assessments and desktop/real-life IR simulations at a technical and executive level

  • Be able to guide, influence and provide thought leadership within incident response services

  • Knowledge and experience with proactive threat hunting techniques and procedures


 


#NTTLtdTeam #Cybersecurity
