Senior Security Consultant

Grow Your Career with NTT DATA

The Senior Security Consultant has advanced expertise in their area of specialization and is responsible for translating clients’ cybersecurity requirements and customizing and implementing security solutions into specific systems, applications and product designs.

This role identifies and develops the security solutions for clients using company products, outsourced technology solutions and technical tools, as well as consults with clients regarding secure product configuration, deployment, and security patches to minimize security vulnerabilities.

In addition, this role provides comprehensive scanning, penetration testing, vulnerability assessments, monitoring services and source code analysis and delivers detailed results to clients. This role guides and supports clients in the development and implementation of product security controls.

What you'll be doing

Key Responsibilities:

Cybersecurity Consulting:

1. Conduct cybersecurity/cloud security/ AI security risk assessments, gap analyses, and maturity assessments (e.g., NIST CSF, ISO 27001, CIS Controls,CSACCM, Zero Trust, etc.).
2. Develop and deliver cybersecurity strategies, roadmaps, and security architecture recommendations.
3. Provide advisory services on compliance and regulatory requirements (e.g., PDPA, BNM RMiT, PCI-DSS, Cybersecurity Act).
4. Assist clients in developing or enhancing their cybersecurity governance, risk, and compliance (GRC) programs.
5. Deliver security awareness sessions and cybersecurity workshops for stakeholders.
6. Design and conduct effective cyber-attack drill and table-top exercise, enhancing response capability and bolstering defences against cyber threats.

Offensive Security & Purple Teaming:

1. Plan and execute internal/external penetration tests on applications, networks, and infrastructure.
2. Conduct red team exercises, adversary simulations, and social engineering tests to evaluate organizational resilience.
3. Present technical findings and recommendations to both technical and non-technical audiences in a clear and actionable format.
4. Contribute to the development of offensive tools and methodologies aligned with industry standards (e.g., MITRE ATT&CK, OWASP).
5. Collaborate with client defenders in purple teaming engagements to validate detection and response capabilities.

Client Engagement & Project Delivery:

1. Lead or support the delivery of consulting and technical security engagements.
2. Collaborate with stakeholders to understand and translate business needs into security requirements.
3. Prepare high-quality documentation, including assessment reports, executive summaries, and presentation slides.
4. Work independently or as part of a team to deliver assignments on time and within the defined scope.

Knowledge and Attributes:

1. Excellent knowledge of cybersecurity principles, risk management, compliance standards, and advanced security technologies.
2. Good knowledge of the technology industry, including trends, emerging technologies, and their potential impact on cybersecurity.
3. Solid understanding of security risks and security controls.
4. Excellent understanding of security operational processes and controls.
5. Service consulting aptitude, focusing on the business, service and sales aspects.
6. Excellent verbal and written communication skills.
7. Maintain up-to-date knowledge of security threats, countermeasures, security tools, and network technologies.
8. High level of drive and ability to work under pressure.
9. Ability to build and maintain cross-functional relationships with a variety of stakeholders.
10. Understanding of relevant laws, regulations, and compliance frameworks affecting the technology sector.
11. Good ability to assess and manage cybersecurity risks at both organizational and project levels.
12. Good knowledge of security frameworks and standards like NIST, ISO/IEC 27001, CIS, etc.
13. Strong knowledge of security threat modeling, including Microsoft STRIDE and the Agentic AI Threat Modeling framework, MAESTRO.

Academic Qualifications and Certifications:

1. Bachelor's degree or equivalent in Information Technology or Computer Science or Engineering or related field.
2. 3–15 years of relevant experience in cybersecurity consulting and/or offensive security.
3. Hands-on experience with cybersecurity frameworks, penetration testing, and security architecture.
4. Familiarity with tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, Nmap, etc.
5. Understanding of MITRE ATT&CK, OWASP Top 10, and red teaming methodologies.
6. Experience conducting or participating in purple team exercises, including working directly with SOC or blue teams.
7. Strong written and verbal communication skills with the ability to present to senior stakeholders.
8. Preferred certifications include CISSP, CISA, CCSP, OSCP, OSCE, CREST, GPEN, or their equivalents.
9. Experience with Zero Trust, Cloud Security (e.g., AWS/Azure/GCP), and DevSecOps is a plus.
10. Experience in regulated industries such as banking, telecommunications, government, or critical infrastructure is advantageous.

Workplace type: Hybrid Working

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Accelerate your career with us. Apply today.