Senior Digital Forensics Incident Response Analyst at NTT Ltd.
NTT Ltd.
Your day at NTT DATA
The Senior Information Security Incident Response Analyst leads complex incident investigations and digital forensic analysis for clients across diverse environments. This role focuses on determining root cause and impact, guiding clients through containment and remediation, and clearly communicating technical findings to both technical and executive stakeholders.
The analyst serves as a senior escalation point, mentors and trains junior responders, and contributes to maturing team processes, workflows, and response capabilities. They collaborate with internal teams and external partners while maintaining strong, professional client engagement throughout each incident.
Key Responsibilities
Investigates security incidents for clients by performing host, disk, memory, network, cloud, and mobile forensics.
Conducts detailed artifact analysis across Windows, Linux, and macOS systems and reconstructs event timelines using disk images, memory captures, network data, and cloud logs.
Guides clients through containment, eradication, and recovery activities, providing clear technical recommendations and communications.
Acts as a senior escalation point for complex incidents and supports the development and mentoring of junior analysts.
Participates in an on-call rotation to support urgent, time-sensitive incident response needs.
Completes internal and client project work such as tabletop exercises, IR readiness engagements, environment hardening reviews, and forensic assessments.
Identifies gaps and weaknesses in client environments and provides recommendations to reduce risk and strengthen posture.
Produces accurate, concise documentation, including investigation notes, status communications, and final reports.
Collaborates with global DFIR and cyber defense teams and maintains awareness of current threats, tactics, and forensic methodologies.
Knowledge and Attributes
Advanced knowledge of digital forensics, including disk and memory image analysis across Windows, Linux, and macOS platforms.
Strong understanding and experience with network forensics, cloud forensics (Azure, AWS, GCP) and mobile forensics (iOS/Android).
Ability to communicate complex technical findings clearly to both technical and non-technical client stakeholders.
Strong analytical, critical thinking, and problem-solving abilities during high-pressure investigations.
Capable of mentoring junior responders and supporting continuous improvement of DFIR capabilities.
Required Experience
Significant hands-on experience in digital forensics and incident response across host, disk, memory, network, cloud, and mobile environments.
Advanced experience using SIEM, EDR, IDS/IPS, packet analysis utilities, and forensic toolsets in active investigations.
Advanced ability to analyze network traffic using tools such as Wireshark or tcpdump to distinguish normal and malicious behavior.
Experience working in cybersecurity consulting, DFIR services, or equivalent technical security roles.
Academic Qualifications and Certifications
Bachelor's degree or equivalent in Information Technology, Computer Science, Cybersecurity, or a related discipline (preferred).
Relevant GIAC or equivalent certifications such as: GSEC - Security Essentials; GCIA - Certified Intrusion Analyst; GCIH - Certified Incident Handler.
Additional DFIR-related certifications are considered a plus.