NTT DATA
Cybersecurity SME - Incident Response & Threat Hunting
NTT DATA, Fairfax, Virginia, United States, 22032
Cybersecurity Sme - Incident Response & Threat Hunting
NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Cybersecurity SME - Incident Response & Threat Hunting to join our team in Merrifield, Virginia (US-VA), United States (US). The Cybersecurity Incident Response & Threat Hunting SME leads efforts to mature enterprise-wide detection, response, and threat hunting capabilities, with a focus on cloud-native environments, enterprise systems, networks, applications, containers, services, processes and advanced adversary activity. Acting as a senior advisor, this role directs complex incident response operations, develops detection strategies, and integrates threat intelligence into proactive defense measures. The SME provides strategic oversight to SOC teams, threat analysts, other teams and leadership, ensuring alignment with the organization's security vision and regulatory requirements. This position emphasizes proactive identification of sophisticated threats, forensic analysis of security incidents, payloads, and threat actor attack strategies/vectors, and architectural recommendations to improve defense-in-depth strategy and effectiveness. Working across organizational boundaries, the SME advises on detection engineering, automation, and process improvements, while mentoring analysts and guiding threat hunting initiatives. The role is essential to enhancing resilience, closing detection gaps, and driving continuous security posture improvement. Duties and Responsibilities: Lead advanced incident response operations and provide strategic direction for containment, eradication, and recovery. Oversee proactive threat hunting initiatives to identify advanced adversary tactics and emerging threats. Integrate threat intelligence into defensive operations to improve detection, attribution, and prediction. Direct digital forensics and malware analysis to inform remediation and prevention strategies. Recommend enhancements to detection, monitoring, and defensive tooling to close visibility gaps. Maintain and refine incident response and threat hunting documentation and processes. Mentor and develop SOC and incident response personnel to strengthen organizational capability. Collaborate across business, technical, and compliance teams to embed security into operations. Basic Qualifications: A Master's degree in any of the following disciplines (Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science), from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRC. Minimum 10 years of experience in Information Technology (IT) / Information Security (IS). DoD 8140 certification for their respective area or the ability to obtain certification within six (6) months of onboarding. Active Secret Security Clearance Preferred Qualifications: Cyber Defense Analyst advanced certifications: CBROPS CFR, or OSCP CySA+ FITSP-O SANS: GCFA, GCIA, GDSA, GCIH or GICSP Experience in cloud environments (AWS, Azure, GCP) and knowledge of cloud-native security tools. Experience working in a 24x7 Security Operations Center (SOC) or supporting national security/cyber defense missions.
NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Cybersecurity SME - Incident Response & Threat Hunting to join our team in Merrifield, Virginia (US-VA), United States (US). The Cybersecurity Incident Response & Threat Hunting SME leads efforts to mature enterprise-wide detection, response, and threat hunting capabilities, with a focus on cloud-native environments, enterprise systems, networks, applications, containers, services, processes and advanced adversary activity. Acting as a senior advisor, this role directs complex incident response operations, develops detection strategies, and integrates threat intelligence into proactive defense measures. The SME provides strategic oversight to SOC teams, threat analysts, other teams and leadership, ensuring alignment with the organization's security vision and regulatory requirements. This position emphasizes proactive identification of sophisticated threats, forensic analysis of security incidents, payloads, and threat actor attack strategies/vectors, and architectural recommendations to improve defense-in-depth strategy and effectiveness. Working across organizational boundaries, the SME advises on detection engineering, automation, and process improvements, while mentoring analysts and guiding threat hunting initiatives. The role is essential to enhancing resilience, closing detection gaps, and driving continuous security posture improvement. Duties and Responsibilities: Lead advanced incident response operations and provide strategic direction for containment, eradication, and recovery. Oversee proactive threat hunting initiatives to identify advanced adversary tactics and emerging threats. Integrate threat intelligence into defensive operations to improve detection, attribution, and prediction. Direct digital forensics and malware analysis to inform remediation and prevention strategies. Recommend enhancements to detection, monitoring, and defensive tooling to close visibility gaps. Maintain and refine incident response and threat hunting documentation and processes. Mentor and develop SOC and incident response personnel to strengthen organizational capability. Collaborate across business, technical, and compliance teams to embed security into operations. Basic Qualifications: A Master's degree in any of the following disciplines (Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science), from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRC. Minimum 10 years of experience in Information Technology (IT) / Information Security (IS). DoD 8140 certification for their respective area or the ability to obtain certification within six (6) months of onboarding. Active Secret Security Clearance Preferred Qualifications: Cyber Defense Analyst advanced certifications: CBROPS CFR, or OSCP CySA+ FITSP-O SANS: GCFA, GCIA, GDSA, GCIH or GICSP Experience in cloud environments (AWS, Azure, GCP) and knowledge of cloud-native security tools. Experience working in a 24x7 Security Operations Center (SOC) or supporting national security/cyber defense missions.