Senior Digital Forensics Incident Response Analyst at NTT Ltd.

Your day at NTT DATA
 

• The Senior Information Security Incident Response Analyst leads complex incident investigations and digital forensic analysis for clients across diverse environments. This role focuses on determining root cause and impact, guiding clients through containment and remediation, and clearly communicating technical findings to both technical and executive stakeholders.
• The analyst serves as a senior escalation point, mentors and trains junior responders, and contributes to maturing team processes, workflows, and response capabilities. They collaborate with internal teams and external partners while maintaining strong, professional client engagement throughout each incident.

Key Responsibilities

• Investigates security incidents for clients by performing host, disk, memory, network, cloud, and mobile forensics.
• Conducts detailed artifact analysis across Windows, Linux, and macOS systems and reconstructs event timelines using disk images, memory captures, network data, and cloud logs.
• Guides clients through containment, eradication, and recovery activities, providing clear technical recommendations and communications.
• Acts as a senior escalation point for complex incidents and supports the development and mentoring of junior analysts.
• Participates in an on‑call rotation to support urgent, time‑sensitive incident response needs.
• Completes internal and client project work such as tabletop exercises, IR readiness engagements, environment hardening reviews, and forensic assessments.
• Identifies gaps and weaknesses in client environments and provides recommendations to reduce risk and strengthen posture.
• Produces accurate, concise documentation, including investigation notes, status communications, and final reports.
• Collaborates with global DFIR and cyber defense teams and maintains awareness of current threats, tactics, and forensic methodologies.

Knowledge and Attributes

• Advanced knowledge of digital forensics, including disk and memory image analysis across Windows, Linux, and macOS platforms.
• Strong understanding and experience with network forensics, cloud forensics (Azure, AWS, GCP) and mobile forensics (iOS/Android).
• Ability to communicate complex technical findings clearly to both technical and non‑technical client stakeholders.
• Strong analytical, critical thinking, and problem‑solving abilities during high‑pressure investigations.
• Capable of mentoring junior responders and supporting continuous improvement of DFIR capabilities.

Required Experience

• Significant hands‑on experience in digital forensics and incident response across host, disk, memory, network, cloud, and mobile environments.
• Advanced experience using SIEM, EDR, IDS/IPS, packet analysis utilities, and forensic toolsets in active investigations.
• Advanced ability to analyze network traffic using tools such as Wireshark or tcpdump to distinguish normal and malicious behavior.
• Experience working in cybersecurity consulting, DFIR services, or equivalent technical security roles.

Academic Qualifications and Certifications

• Bachelor’s degree or equivalent in Information Technology, Computer Science, Cybersecurity, or a related discipline (preferred).
• Relevant GIAC or equivalent certifications such as: GSEC – Security Essentials GCIA – Certified Intrusion Analyst GCIH – Certified Incident Handler
• Additional DFIR‑related certifications are considered a plus.