Cybersecurity Incident Responder

Job Summary

The Cyber Incident Responder is responsible for detecting, analyzing, containing, eradicating, and recovering from cybersecurity incidents across enterprise, endpoint, network, and cloud environments. This role supports daily cyber defense operations by responding to malicious activity, suspicious events, policy violations, malware infections, spillages, and other reportable cyber incidents.

Conduct investigations and respond to cybersecurity alerts and confirmed incidents across enterprise networks and cloud platforms such as AWS, Microsoft Azure, and Google Cloud. Execute containment actions on compromised systems or accounts, support eradication and recovery efforts, and document all response activities through incident closure. Analyze malware infections and respond to indicators of ransomware, trojans, spyware, and unauthorized software, coordinating host containment and remediation actions such as antivirus or EDR scanning, reimaging, and evidence preservation when necessary.

Maintain knowledge of DoD and federal incident categories, including handling or assisting with CAT 1, 2, 4, 7, and CAT 5 spillage events, and understand appropriate escalation procedures and reporting timelines. Manage spillage and data‑loss events by containing and sanitizing affected systems, coordinating reporting and remediation, and supporting insider‑threat or data‑exfiltration investigations as required.

Conduct continuous monitoring by reviewing SIEM alerts, logs, endpoint notifications, and user reports, using tools such as Trellix ESS, Splunk ES, Splunk SOAR, MAR/HX, NSM, Varonis, IDS, Stealthwatch, Cylance, and Fore Scout to correlate data and determine incident scope and impact. Provide strong documentation and reporting, including creating incident tickets, detailed timelines, after‑action reports, maintaining evidence and chain‑of‑custody records, and briefing leadership or management as needed.

• Minimum 7 years’ of professional experience
• Minimum 4 years’ of experience in cybersecurity, help desk, system administration, SOC, or IR
• Minimum 1 year of experience in Incident Response lifecycle (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned)
• Minimum 1 year of experience in Email phishing investigations
• Minimum 1 year of experience with one or more:
  Splunk and Elastic for Cloud;
  Endpoint Detection & Response (EDR) tools;
  Antivirus platforms;
  Vulnerability scanners (ACAS);
  Service Now, Remedy or similar ticketing systems
• DoD 8570/8140 certification:
  CompTIA Security+ CE
• Top Secret Security Clearance, SCI eligible

• Malware basics
• Networking fundamentals (IP, DNS, ports, protocols)
• Experience supporting enterprise IT environment
• Certification in one of:
  CySA+, CASP+, GIAC (GCIH, GCFA, etc.)

NTT DATA provides a reasonable range of compensation for specific roles. The starting pay range for this role is $90,146 - $150,244. Actual compensation will depend on a number of factors, including the candidate’s relevant experience, technical skills, and other qualifications. This position may also be eligible for incentive compensation based on individual and/or company performance. This position is eligible for company benefits including medical, dental, and vision insurance with an employer contribution, flexible spending or health savings account, life and AD&D insurance, short and long term disability coverage, paid time off, employee assistance, participation in a 401k program with company match, and additional voluntary or legally-required benefits.

Nearest Major Market:
Fayetteville

Job Segment:
Cloud, Help Desk, Information Technology, Consulting, Information Security, Technology