Cybersecurity SME - Incident Response & Threat Hunting at NTT DATA
Merrifield, Virginia, United States
Full Time


Start Date

Immediate

Expiry Date

02 Jan, 26

Salary

0.0

Posted On

04 Oct, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Incident Response, Threat Hunting, Detection Engineering, Automation, Process Improvements, Cloud Security, SIEM, EDR, SOAR, Cybersecurity, Behavioral Analytics, Threat Intelligence, Analyst Mentoring, Compliance, Security Operations Center, Adversary Campaigns

Industry

IT Services and IT Consulting

Description
Working across organizational boundaries, the SME advises on detection engineering, automation, and process improvements, while mentoring analysts and guiding threat hunting initiatives.

1. Lead advanced incident response operations and provide strategic direction for containment, eradication, and recovery.
2. Direct enterprise-level coordination for high-severity cloud and hybrid incidents.
3. Advise on incident prioritization, escalation, and cross-team communication.
4. Ensure incident response processes align with federal and organizational standards.
5. Guide hypothesis-driven hunts leveraging telemetry, behavioral analytics, and threat intel.
6. Advise on operationalizing intelligence feeds into SOC workflows.
7. Provide assessments on potential adversary campaigns targeting the enterprise.
8. Evaluate SIEM, EDR, SOAR, and cloud-native security tool configurations for optimization.
9. Advise on automation opportunities for repetitive detection and response activities.
10. Ensure procedures reflect evolving threats, compliance mandates, and best practices.
11. Provide expert guidance during live incidents and tabletop exercises.
12. Advise on analyst skill development and threat hunting methodology.
13. Support recruitment and retention of high-caliber cybersecurity talent.
14. Collaborate across business, technical, and compliance teams to embed security into operations.
15. Advise program management and leadership on emerging risks and mitigation strategies.
16. Contribute to cross-functional reviews of architecture changes impacting security.
17. Participate in enterprise planning for security budget and capability roadmaps.

Education: A Master's degree in any of the following disciplines (Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science), from an ABET accredited or CAE designated institution, fulfills the educational requirement for this WRC. One-and-one-half (1.5) years of additional experience can substitute for one (1) year of a typical degree program.

Requirements:

- Minimum 10 years of experience in Information Technology (IT) / Information Security (IS).
- DoD 8140 certification for their respective area, or the ability to obtain certification within six (6) months of onboarding.
- Active Secret Security Clearance.
- Certifications: CBROPS, CFR, or OSCP; CySA+; FITSP-O; SANS: GCFA, GCIA, GDSA, GCIH or GICSP.
- Experience in cloud environments (AWS, Azure, GCP) and knowledge of cloud-native security tools.
- Experience working in a 24x7 Security Operations Center (SOC) or supporting national security/cyber defense missions.
Responsibilities
- Lead advanced incident response operations and provide strategic direction for containment, eradication, and recovery.
- Guide hypothesis-driven hunts leveraging telemetry, behavioral analytics, and threat intel.