
SOC Solutions Engineer

Job details
Date advertised: 06 August 2025
Salary: Not specified
Additional salary information: Competitive Salary Depending On Experience
Hours: Full Time
Closing date: 05 September 2025
Location: Birmingham, West Midlands
Remote working: Hybrid - remote working up to 2 days a week
Company: NTT Data
Job type: Permanent
Job reference:


Summary

The team you'll be working with:
SOC Solutions Engineer

We are currently recruiting for a Senior Associate level Managed Detection and Response SOC Analyst Level 2 to join our growing Security Operations Centre business.

This is a hybrid variable position that can be based in our Birmingham or London offices.

About Us:

NTT Data is a leading Managed Service Provider (MSP) with a global reach that empowers local teams, undertaking hugely exciting work and genuinely changing the world.

We specialise in delivering cutting-edge IT and cybersecurity solutions to our diverse client base. We provide expert-managed services to help clients protect their data, comply with regulations, and manage evolving cyber threats. We are looking for a skilled Information Security Manager to join our team and be billed out to a key client to enhance their information security posture.

What you'll be doing:

The primary function of the Senior SOC Engineer is to enhance our security operations capabilities. This role requires deep expertise in SIEM platforms including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will be instrumental in building and optimizing our detection and response strategies.

SIEM Engineering & Management

Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel, Defender, Chronicle).
Onboard and normalize log sources across cloud and on-prem environments.
Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis.

Playbook Development & Automation

Design and implement incident response playbooks for various threat scenarios (e.g., phishing, lateral movement, data exfiltration).
Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to automate triage and response.
Continuously refine playbooks based on threat intelligence and incident feedback.

Threat Detection & Response

Monitor and analyse security alerts and events to identify potential threats.
Perform in-depth investigations and coordinate incident response activities.
Collaborate with threat intelligence teams to enrich detection logic.

Threat Modelling & Use Case Development

Conduct threat modelling exercises using frameworks like MITRE ATT&CK, STRIDE, or Kill Chain.
Translate threat models into actionable detection use cases and SIEM rules.
Prioritize detection engineering efforts based on risk and business impact.

Reporting & Collaboration

Generate reports and dashboards for stakeholders on security posture and incident trends.
Work closely with IT, DevOps, and compliance teams to ensure secure system configurations.
Provide mentorship and guidance to junior analysts and engineers.
Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports.
Support the creation of monthly reporting packs as per contractual requirements.
Create and document robust event and incident management processes, runbooks and playbooks.

Other responsibilities:

Involvement in scoping and standing up new solutions for new opportunities.
Assisting the Pre-Sales team with requirements on new opportunities.
Demonstrations of SOC tools to clients.
Continual Service Improvement - recommendations for change to address incidents or persistent events.
What experience you'll bring:

Must be able to obtain SC Clearance or already hold SC clearance.

SIEM Expertise: Hands-on experience with at least two of the following:
Splunk
IBM QRadar
Microsoft Defender for Endpoint
Microsoft Sentinel
Google Chronicle

Technical Skills:
Strong knowledge of log formats, parsing, and normalization.
Experience with KQL, SPL, AQL, or other SIEM query languages.
Familiarity with scripting (Python, PowerShell) for automation and enrichment.

Security Knowledge:
Deep understanding of threat detection, incident response, and the cyber kill chain.
Familiarity with MITRE ATT&CK, NIST, and CIS frameworks.
Strong verbal and written English communication.
Strong interpersonal and presentation skills.
Strong analytical skills.
Must have a good understanding of network traffic flows and be able to distinguish normal from suspicious activity.
Must have a good understanding of vulnerability scanning and management as well as ethical hacking (penetration testing).
Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
Ability to work with minimal levels of supervision.
Willingness to work in a job that involves 24/7 on call.
Education Requirements & Experience

Minimum of 3 to 5 years of experience in the IT security industry, preferably working in a SOC/NOC environment.
Preferably holds a cyber security certification, e.g. ISC2 CISSP, GIAC, SC-200, Splunk Certified Admin/Power User, IBM QRadar Certified Specialist, Google Chronicle Security Engineer, etc.
Experience with the ServiceNow Security suite.
Experience with cloud platforms (AWS and/or Microsoft Azure).
Excellent knowledge of Microsoft Office products, especially Excel and Word.
Reports to

Security Director – NTT DATA UK Security Practice
Client Delivery Director – NTT DATA UK Managed Services

Proud member of the Disability Confident employer scheme

Disability Confident
In general, a Disability Confident employer will offer an interview to any applicant who declares that they are disabled and who meets the minimum criteria for the job as defined by the employer. It is important to note that in some recruitment situations, such as a high number of applicants, seasonal periods and very busy times, the employer may wish to limit the overall number of interviews offered to both disabled and non-disabled people. For more details visit Disability Confident.
