NDR Consultant

NDR Security Engineer Job Summary We are seeking a skilled NDR Security Engineer to design, implement, and manage a Network Detection and Response (NDR) presence across customer environments. The ideal candidate will have deep expertise in cloud networking, traffic analysis, and security operations, with a proven ability to deploy NDR solutions that enhance threat visibility and response. This role will collaborate with security, DevOps, and network teams to ensure comprehensive monitoring and rapid incident mitigation in a dynamic, customer infrastructure. Key Responsibilities NDR Deployment: o Architect and deploy NDR solutions (e.g., ExtraHop, Vectra AI, Darktrace) in AWS and Azure to monitor critical workloads. o Configure traffic mirroring using AWS VPC Traffic Mirroring and Azure Virtual Network TAP (vTAP) to feed network data to the NDR platform. o Implement centralized traffic aggregation across multiple VPCs/VNets using AWS Transit Gateway or Azure Virtual WAN. Cloud Integration: o Integrate NDR with AWS services (GuardDuty, Security Hub, CloudWatch) and Azure services (Defender for Cloud, Sentinel, Azure Monitor) for layered threat detection. o Pipe metadata from VPC Flow Logs and NSG Flow Logs into the NDR for enhanced context. Automation and Scalability: o Develop and maintain Infrastructure-as-Code (IaC) templates (e.g., CloudFormation, ARM, Terraform) to automate NDR deployments. o Create scripts (e.g., Python, PowerShell) and automation workflows (e.g., Lambda, Azure Functions) to dynamically adjust traffic mirroring and respond to threats. o Implement auto-scaling for NDR instances to handle variable traffic loads. Threat Detection and Response: o Analyse network traffic and behavioural patterns to identify anomalies (e.g., lateral movement, data exfiltration). o Triage NDR alerts, correlate with cloud-native findings, and recommend or automate containment actions (e.g., isolate compromised instances). o Conduct forensic analysis using captured traffic data for post-incident investigations. Optimization and Testing: o Tune NDR configurations to reduce false positives and optimize performance (e.g., filter benign traffic). o Simulate attacks (e.g., port scans, malware) to validate detection and response capabilities. o Monitor and manage costs related to traffic mirroring, storage (e.g., S3, Blob Storage), and NDR operations. Documentation and Collaboration: o Document NDR architecture, configurations, and incident response procedures. o Collaborate with SOC analysts, cloud architects, and stakeholders to align NDR with organizational security goals. o Present findings and recommendations to technical and non-technical audiences.