Senior Security Consultant

Grow Your Career with NTT DATA

As a Senior Cybersecurity Consultant, your day involves collaborating closely with clients to assess their cybersecurity needs and provide expert insights that inform strategic decision-making. You will analyze current security postures, identify gaps, and deliver detailed recommendations, maturity assessments, and roadmaps aligned with recognized frameworks but not limited to NIST Cybersecurity Framework (CSF), ISO 27001, and Zero Trust.

In this role, you will be instrumental in preparing technical proposals and solution narratives for client Requests for Quotations (RFQs) and Requests for Proposals (RFPs). Your task will be to translate complex security challenges into clear, actionable strategies and value propositions. Your contributions will support the business development cycle and ensure the delivery of well-scoped, relevant, and impactful consulting engagements.

Whether conducting security assessments, leading offensive security tests, or advising on regulatory compliance, your expertise will help clients enhance their cyber resilience in an ever-evolving threat landscape.

What you'll be doing

Key Responsibilities:

Cybersecurity Consulting:
- Conduct cybersecurity/cloud security/ AI security risk assessments, gap analyses, and maturity assessments (e.g., NIST CSF, ISO 27001, CIS Controls,CSACCM, Zero Trust, etc.).
- Develop and deliver cybersecurity strategies, roadmaps, and security architecture recommendations.
- Provide advisory services on compliance and regulatory requirements (e.g., PDPA, BNM RMiT, PCI-DSS, Cybersecurity Act).
- Assist clients in developing or enhancing their cybersecurity governance, risk, and compliance (GRC) programs.
- Deliver security awareness sessions and cybersecurity workshops for stakeholders.

- Design and conduct effective cyber-attack drill and table-top exercise, enhancing response capability and bolstering defences against cyber threats.

Offensive Security & Purple Teaming:

- Plan and execute internal/external penetration tests on applications, networks, and infrastructure.
- Conduct red team exercises, adversary simulations, and social engineering tests to evaluate organizational resilience.
- Present technical findings and recommendations to both technical and non-technical audiences in a clear and actionable format.
- Contribute to the development of offensive tools and methodologies aligned with industry standards (e.g., MITRE ATT&CK, OWASP).

- Collaborate with client defenders in purple teaming engagements to validate detection and response capabilities.

Client Engagement & Project Delivery:
- Lead or support the delivery of consulting and technical security engagements.
- Collaborate with stakeholders to understand and translate business needs into security requirements.
- Prepare high-quality documentation, including assessment reports, executive summaries, and presentation slides.
- Work independently or as part of a team to deliver assignments on time and within the defined scope.

Knowledge and Attributes:

- Excellent knowledge of cybersecurity principles, risk management, compliance standards, and advanced security technologies.

- Good knowledge of the technology industry, including trends, emerging technologies, and their potential impact on cybersecurity.

- Solid understanding of security risks and security controls.

- excellent understanding of security operational processes and controls.

- Service consulting aptitude, focusing on the business, service and sales aspects.

- Excellent verbal and written communication skills.

- Maintain up-to-date knowledge of security threats, countermeasures, security tools, and network technologies.

- High level of drive and ability to work under pressure.

- Ability to build and maintain cross-functional relationships with a variety of stakeholders.

- Understanding of relevant laws, regulations, and compliance frameworks affecting the technology sector.

- Good ability to assess and manage cybersecurity risks at both organizational and project levels.

- Good knowledge of security frameworks and standards like NIST, ISO/IEC 27001, CIS, etc.

- Strong knowledge of security threat modeling, including Microsoft STRIDE and the Agentic AI Threat Modeling framework, MAESTRO.

Academic Qualifications and Certifications:

- Bachelor's degree or equivalent in Information Technology or Computer Science or Engineering or related field.
- 3–15 years of relevant experience in cybersecurity consulting and/or offensive security.
- Hands-on experience with cybersecurity frameworks, penetration testing, and security architecture.
- Familiarity with tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, Nmap, etc.
- Understanding of MITRE ATT&CK, OWASP Top 10, and red teaming methodologies.

- Experience conducting or participating in purple team exercises, including working directly with SOC or blue teams.
- Strong written and verbal communication skills with the ability to present to senior stakeholders.
- Preferred certifications include CISSP, CISA, CCSP, OSCP, OSCE, CREST, GPEN, or their equivalents.
- Experience with Zero Trust, Cloud Security (e.g., AWS/Azure/GCP), and DevSecOps is a plus.
- Experience in regulated industries such as banking, telecommunications, government, or critical infrastructure is advantageous.

Workplace type:

Hybrid Working

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Accelerate your career with us. Apply today