JOB DESCRIPTION
The team you'll be working with:
This position offers hybrid flexible working options.
Please note, you will need to be eligible for SC clearance
NTT DATA is one of the world's largest global security service providers, partnering with some of the most recognized security technology brands. We're looking for passionate, curious, and motivated individuals to join our team.
Using your advanced expertise in digital forensics, incident response, and cyber threat investigation, you will lead complex DFIR engagements, conduct advanced forensic analysis across diverse platforms, and provide authoritative guidance during major security incidents. You will work independently on sophisticated investigations, coordinate multi-disciplinary incident response activities, and deliver expert testimony and forensic reporting while mentoring junior investigators and analysts.
What you'll be doing:
KEY RESPONSIBILITIES
Advanced Digital Forensic Investigations
1. Lead complex digital forensic investigations across Windows, Linux, macOS, mobile, and cloud platforms
2. Conduct advanced disk, memory, network, and malware forensic analysis with minimal supervision
3. Perform forensically sound evidence acquisition from diverse systems and environments
4. Analyze complex attack chains, lateral movement, and advanced persistent threat activities
5. Reconstruct incident timelines and attacker methodologies from forensic artifacts
6. Provide expert forensic analysis for legal proceedings, regulatory investigations, and internal reviews
Incident Response Leadership
7. Lead major incident response engagements for sophisticated cyber attacks and data breaches
8. Coordinate multi-team incident response activities across technical, legal, and business stakeholders
9. Perform advanced threat hunting, containment, eradication, and recovery activities
10. Develop and execute incident response strategies for complex security events
11. Interface with executive leadership, legal counsel, and regulatory bodies during major incidents
12. Conduct post-incident reviews and develop remediation roadmaps
Malware Analysis and Reverse Engineering
13. Conduct static and dynamic malware analysis on sophisticated threats and custom malware
14. Perform reverse engineering of malicious code to understand capabilities and attribution
15. Analyze exploitation techniques, persistence mechanisms, and command and control infrastructure
16. Develop indicators of compromise (IOCs) and detection signatures from malware analysis
17. Document malware behavior, capabilities, and remediation procedures
18. Contribute to threat intelligence with malware analysis findings and IOCs
Cloud and Container Forensics
19. Lead forensic investigations in cloud environments including AWS, Azure, and GCP
20. Conduct container and Kubernetes forensic analysis for cloud-native incidents
21. Analyze cloud logs, API calls, and identity activity for security investigations
22. Perform forensic acquisition and analysis of cloud workloads and serverless environments
23. Investigate cloud-specific attack vectors including misconfigurations and identity compromise
24. Develop cloud forensic methodologies and investigation playbooks
Threat Intelligence and Attribution Analysis
25. Analyze threat actor tactics, techniques, and procedures (TTPs) using the MITRE ATT&CK framework
26. Conduct threat attribution analysis based on forensic artifacts and intelligence sources
27. Correlate internal incident data with external threat intelligence feeds
28. Identify advanced persistent threat campaigns and targeted attack patterns
29. Develop tactical and strategic threat intelligence from investigation findings
30. Share threat intelligence with industry partners and information sharing communities
Expert Witness and Legal Support
31. Provide expert witness testimony in legal proceedings and regulatory investigations
32. Prepare forensic reports meeting legal and regulatory evidentiary standards
33. Work with legal teams on e-discovery, litigation support, and regulatory response
34. Maintain chain of custody and forensic integrity throughout investigations
35. Present technical findings to non-technical audiences including courts and regulators
36. Support law enforcement and regulatory agencies with cyber investigations
KEY PERFORMANCE INDICATORS
37. Successful resolution of complex digital forensic investigations with actionable findings
38. Client satisfaction scores for DFIR engagements and incident response leadership (target: 4.5/5.0+)
39. Quality and accuracy of forensic analysis and investigation reports
40. Effective incident containment and recovery with minimal business impact
41. Contribution to DFIR methodologies, tools, and threat intelligence
42. Professional recognition through certifications, speaking engagements, or research publications
What experience you'll bring:
Advanced Digital Forensics Expertise
43. Mastery of forensic analysis across multiple operating systems (Windows, Linux, macOS, mobile)
44. Expert knowledge of disk forensics, file system analysis, and data recovery techniques
45. Advanced memory forensics and volatile data analysis capabilities
46. Deep understanding of network forensics and packet analysis for investigations
47. Comprehensive knowledge of cloud forensics and container investigation techniques
Forensic Tools and Platforms
48. Forensic suites: EnCase, FTK, X-Ways Forensics, Autopsy, SIFT Workstation
49. Memory forensics: Volatility, Rekall, WinDbg, memory imaging tools
50. Network forensics: Wireshark, NetworkMiner, Zeek, tcpdump, packet analysis
51. Malware analysis: IDA Pro, Ghidra, OllyDbg, x64dbg, Cuckoo Sandbox, REMnux
52. Mobile forensics: Cellebrite, Magnet AXIOM, iOS and Android forensic tools
Incident Response and Threat Hunting
53. EDR platforms: CrowdStrike Falcon, Carbon Black, Microsoft Defender, SentinelOne
54. SIEM and logging: Splunk, ELK Stack, Microsoft Sentinel (formerly Azure Sentinel), log analysis and correlation
55. Threat hunting: YARA rules, Sigma rules, threat hunting frameworks and methodologies
56. IR tools: Velociraptor, KAPE, GRR Rapid Response, PowerShell forensics
57. Cloud forensics: AWS CloudTrail, Azure Monitor, GCP Cloud Logging, cloud IR tools
Technical Knowledge Areas
58. Operating systems: Deep Windows internals, Linux forensics, macOS artifacts, registry analysis
59. File systems: NTFS, ext4, APFS, FAT, artifact analysis and timeline reconstruction
60. Networking: TCP/IP, network protocols, proxy logs, firewall analysis
61. Malware techniques: Packing, obfuscation, anti-analysis, persistence mechanisms
62. Cloud platforms: AWS, Azure, GCP architecture and forensic artifact locations
Incident Management and Communication
63. Senior-level communication with executives, legal teams, and regulatory bodies
64. Crisis management and calm leadership during high-pressure security incidents
65. Ability to translate complex technical findings into business impact assessments
66. Coordination of cross-functional teams during major incident response
67. Presentation skills for delivering findings to diverse stakeholder audiences
Professional Skills
68. Independent problem-solving for complex and novel forensic challenges
69. Analytical thinking and attention to detail in evidence analysis
70. Calm and methodical approach during high-stress incident response situations
71. Strong written communication for forensic reports and legal documentation
72. Mentoring and knowledge transfer to junior forensic analysts
Certifications Required
73. GCFA (GIAC Certified Forensic Analyst) or GCFE (GIAC Certified Forensic Examiner) - Mandatory
74. GREM (GIAC Reverse Engineering Malware) or CHFI (Computer Hacking Forensic Investigator) - Preferred
75. GCIH (GIAC Certified Incident Handler) or ECIH (EC-Council Certified Incident Handler) - Preferred
76. EnCE (EnCase Certified Examiner) or vendor forensic tool certification - Beneficial
77. Eligibility for UK SC security clearance (DV clearance advantageous)
QUALIFICATIONS
Education
78. Bachelor's degree in Computer Science, Digital Forensics, Cybersecurity, Computer Engineering, or related field
79. Master's degree in Digital Forensics or Cybersecurity preferred
80. Advanced professional certifications in digital forensics and incident response
Experience
81. 6+ years of progressive experience in digital forensics, incident response, or cyber investigations
82. 3+ years leading complex forensic investigations and major incident response engagements
83. Proven track record conducting forensic analysis for legal proceedings or regulatory investigations
84. Experience with advanced threat actors, APT investigations, or nation-state incidents
85. Hands-on expertise with enterprise EDR, SIEM, and forensic analysis platforms
Strategic Responsibilities:
86. Lead major incident response operations and forensic investigations
87. Develop forensic methodologies and incident response playbooks
88. Provide expert guidance during crisis situations and security breaches
CERTIFICATION AND PROFESSIONAL DEVELOPMENT
Advanced Professional Requirements
89. GCFA or GCFE demonstrating advanced digital forensic capabilities
90. GREM for malware analysis and reverse engineering expertise
91. GCIH for incident handling and response leadership
92. Continuous professional development in emerging forensic techniques and threat landscape
Thought Leadership Expectations
93. Contribution to digital forensics research and methodology development
94. Speaking engagements at DFIR, incident response, and cybersecurity conferences
95. Publication of forensic research, case studies, and technical analysis
96. Active participation in forensic and incident response communities
97. Contribution to open-source forensic tools and detection content
WORK ENVIRONMENT
98. High-pressure incident response environment requiring rapid mobilization
99. On-call rotation for major security incidents and breach response
100. Mix of proactive forensic investigations and reactive incident response
101. Regular interaction with executive leadership during crisis situations
102. Potential travel to client sites for on-site forensic acquisition and incident response
103. Hybrid working model with flexibility for emergency incident response
Who we are:
We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
What we'll offer you:
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensures that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
You can find more information about NTT DATA UK & Ireland here:
We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.