Cybersecurity Incident Responder

Req ID: 373115 NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Cybersecurity Incident Responder to join our team in Fort Bragg, North Carolina (US-NC), United States (US). Job Summary: The Cyber Incident Responder is responsible for detecting, analyzing, containing, eradicating, and recovering from cybersecurity incidents across enterprise, endpoint, network, and cloud environments. This role supports daily cyber defense operations by responding to malicious activity, suspicious events, policy violations, malware infections, spillages, and other reportable cyber incidents. The ideal candidate understands core incident response principles, follows established procedures, and coordinates effectively with system administrators, network teams, security leadership, and mission stakeholders throughout cyber events. Key responsibilities include conducting investigations and responding to cybersecurity alerts and confirmed incidents across enterprise networks and cloud platforms such as AWS, Microsoft Azure, and Google Cloud. The responder executes containment actions on compromised systems or accounts, supports eradication and recovery efforts, and documents all response activities through incident closure. The role also involves analyzing malware infections and responding to indicators of ransomware, trojans, spyware, and unauthorized software, coordinating host containment and remediation actions such as antivirus or EDR scanning, reimaging, and evidence preservation when necessary. Additionally, the position requires knowledge of DoD and federal incident categories, including handling or assisting with CAT 1, 2, 4, 7, and CAT 5 spillage events, and understanding appropriate escalation procedures and reporting timelines. The responder also manages spillage and data-loss events by containing and sanitizing affected systems, coordinating reporting and remediation, and supporting insider-threat or data-exfiltration investigations as required. The role conducts continuous monitoring by reviewing SIEM alerts, logs, endpoint notifications, and user reports, utilizing tools such as Trellix ESS, Splunk ES, Splunk SOAR, MAR/HX, NSM, Varonis, IDS, Stealthwatch, Cylance, and ForeScout to correlate data and determine incident scope and impact. Strong documentation and reporting skills are essential, including creating accurate incident tickets, detailed timelines, after-action reports, maintaining evidence and chain-of-custody records, and briefing leadership or management as needed. Basic Qualifications: * Minimum 7 years’ of professional experience * Minimum 4 years’ of experience in cybersecurity, help desk, system administration, SOC, or IR. * Minimum 1 year of experience in Incident Response lifecycle (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned) * Minimum 1 year of experience in Email phishing investigations * Minimum 1 year of experience with one or more: * Splunk and Elastic for Cloud * Endpoint Detection & Response (EDR) tools * Antivirus platforms * Vulnerability scanners (ACAS) * ServiceNow, Remedy or similar ticketing systems * DoD 8570/8140 certification: CompTIA Security+ CE * Top Secret Security Clearance, SCI eligible. Preferred Qualifications: * Malware basics * Networking fundamentals (IP, DNS, ports, protocols) * Experience supporting enterprise IT environment * Certification in one of: CySA+, CASP+, GIAC (GCIH, GCFA, etc.) About NTT DATA NTT DATA is a $30 billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world's leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services. our consulting and Industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is a part of NTT Group, which invests over $3 billion each year in R&D. Whenever possible, we hire locally to NTT DATA offices or client sites. This ensures we can provide timely and effective support tailored to each client’s needs. While many positions offer remote or hybrid work options, these arrangements are subject to change based on client requirements. For employees near an NTT DATA office or client site, in-office attendance may be required for meetings or events, depending on business needs. At NTT DATA, we are committed to staying flexible and meeting the evolving needs of both our clients and employees. NTT DATA recruiters will never ask for payment or banking information and will only use @nttdata.com, @nttdatafed.com and @talent.nttdataservices.com email addresses. If you are requested to provide payment or disclose banking information, please submit a contact us form, https://us.nttdata.com/en/contact-us. NTT DATA endeavors to make https://us.nttdata.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at https://us.nttdata.com/en/contact-us. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click here. If you'd like more information on your EEO rights under the law, please click here. For Pay Transparency information, please click here.