SOC Analyst L2
| Posting date: | 06 August 2025 |
|---|---|
| Salary: | Not specified |
| Additional salary information: | Competitive Salary Depending On Experience |
| Hours: | Full time |
| Closing date: | 05 September 2025 |
| Location: | Birmingham, West Midlands |
| Remote working: | Hybrid - work remotely up to 2 days per week |
| Company: | NTT Data |
| Job type: | Permanent |
| Job reference: |
Summary
The team you'll be working with:
SOC Analyst (L2)
We are currently recruiting for a Senior Associate level Managed Detection and Response SOC Analyst Level 2 to join our growing Security Operations Centre business.
This role will be based on-site in Birminham, we need canddiates that are able to work in a job that involves 24/7 operations, this will probably be inshift patterns of 4 days on, 4 days off.
About Us
NTT DATA is one of the world’s largest Global Security services providers with over 7500 Security SMEs and Integration partner to many of the worlds most recognised Security Technology providers. We strive to hire exceptional, innovative, and passionate individuals who want to grow with us. In a constantly changing world, we work together with our people, clients and communities to enable them to fulfil their potential to do great things. We believe that by bringing everyone together, we can solve problems using innovative technology that can create a world that is sustainable and secure.
This is a great opportunity for you to play a pivotal role in helping to shape our client’s transformation journeys.
What you'll be doing:
What you will be doing;
The primary function of the SOC Analyst (L2) is to analyse any incidents escalated by the SOC Analyst (L1) and undertake the detailed investigation of the Security Event. The Security Analyst (L2) shall determine whether the security event will be classified as an incident. They will be coordinating with the customer IT and Security team for resolution of the Security Incident.
MainDuties
Security Monitoring: & Investigation:
Monitoring SIEM tools to assure high a level of security operations delivery function
Oversee and enhance security monitoring systems to detect and analyse potential security incidents.
Conduct real-time analysis of security events and incident and escalate as necessary
Support other teams on investigations into incidents, determining the root cause and impact.
Document findings and lessons learned to improve incident response procedures.
Ensure runbooks are followed and are fit for purpose
Incident Response:
Lead and coordinate incident response activities to effectively contain, eradicate, and recover from security incidents.
Develop and maintain incident response plans, ensuring they align with industry best practices.
Escalation management in the event of a security incident
Follow major incident process
Threat Intelligence:
Stay abreast of the latest cybersecurity threats and vulnerabilities, integrating threat intelligence into security monitoring processes.
Contribute to the development of threat intelligence feeds to enhance proactive threat detection.
Security Tool Management:
Manage and optimise SIEM tools, ensuring they are properly configured and updated to maximize effectiveness.
Own the development and implementation of SOC Use Cases
Evaluate new security technologies and recommend enhancements to the security infrastructure.
Collaboration:
Collaborate with cross-functional teams, including IT, legal, and management, to address security incidents and implement preventive measures.
Provide expertise and guidance to other analysts.
Working with the Technical Teams to ensure all new and changed services are monitored accordingly
Documentation:
Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports.
Create post-incident reports for management and stakeholders.
Support the creation of monthly reporting packs as per contractual requirements.
Create and document robust event and incident management processes, Runbooks & Playbooks
Other responsibilities:
Involvement in scoping and standing up new solutions for new opportunities
Assisting Pre-Sales team with requirements on new opportunities
Demonstrations of SOC tools to clients
Continual Service Improvement - Recommendations for change to address incidents or persistent events.
What experience you'll bring:
What you will bring;
This role will be based on-site in Birminham, we need canddiates that are able to work in a job that involves 24/7 operations, this will probably be inshift patterns of 4 days on, 4 days off.
Must be able to obtain SC Clearance or already hold SC clearance.
Must have a good understanding on Incident Response approaches
Must have knowledge and hands-on knowledge of Microsoft Sentinel (or any SIEM tool).
Strong verbal and written English communication.
Strong interpersonal and presentation skills.
Strong analytical skills
Must have good understanding on network traffic flows and able to understand normal and suspicious activities.
Must have good understanding of Vulnerability Scanning and management as well as Ethical Hacking (Penetration Testing)
Ability to learn forensic techniques
Ability to reverse engineer attacks to understand what actions took place.
Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
Ability to work with minimal levels of supervision.
Willingness to work in a job that involves 24/7 operations or on-call.
Education Requirements & Experience
Minimum of 3 to 5 years of experience in the IT security industry, preferably working in a SOC/NOC environment.
Preferably holds Cyber Security Certification e.g. GIAC, ISC2, SC-200
Experience with Cloud platforms (AWS and/or Microsoft Azure)
Excellent knowledge of Microsoft Office products, especially Excel and Word
Reports to
Security Director – NTT DATA UK Security Practice
Client Delivery Director – NTT DATA UK Managed Services
SOC Analyst (L2)
We are currently recruiting for a Senior Associate level Managed Detection and Response SOC Analyst Level 2 to join our growing Security Operations Centre business.
This role will be based on-site in Birminham, we need canddiates that are able to work in a job that involves 24/7 operations, this will probably be inshift patterns of 4 days on, 4 days off.
About Us
NTT DATA is one of the world’s largest Global Security services providers with over 7500 Security SMEs and Integration partner to many of the worlds most recognised Security Technology providers. We strive to hire exceptional, innovative, and passionate individuals who want to grow with us. In a constantly changing world, we work together with our people, clients and communities to enable them to fulfil their potential to do great things. We believe that by bringing everyone together, we can solve problems using innovative technology that can create a world that is sustainable and secure.
This is a great opportunity for you to play a pivotal role in helping to shape our client’s transformation journeys.
What you'll be doing:
What you will be doing;
The primary function of the SOC Analyst (L2) is to analyse any incidents escalated by the SOC Analyst (L1) and undertake the detailed investigation of the Security Event. The Security Analyst (L2) shall determine whether the security event will be classified as an incident. They will be coordinating with the customer IT and Security team for resolution of the Security Incident.
MainDuties
Security Monitoring: & Investigation:
Monitoring SIEM tools to assure high a level of security operations delivery function
Oversee and enhance security monitoring systems to detect and analyse potential security incidents.
Conduct real-time analysis of security events and incident and escalate as necessary
Support other teams on investigations into incidents, determining the root cause and impact.
Document findings and lessons learned to improve incident response procedures.
Ensure runbooks are followed and are fit for purpose
Incident Response:
Lead and coordinate incident response activities to effectively contain, eradicate, and recover from security incidents.
Develop and maintain incident response plans, ensuring they align with industry best practices.
Escalation management in the event of a security incident
Follow major incident process
Threat Intelligence:
Stay abreast of the latest cybersecurity threats and vulnerabilities, integrating threat intelligence into security monitoring processes.
Contribute to the development of threat intelligence feeds to enhance proactive threat detection.
Security Tool Management:
Manage and optimise SIEM tools, ensuring they are properly configured and updated to maximize effectiveness.
Own the development and implementation of SOC Use Cases
Evaluate new security technologies and recommend enhancements to the security infrastructure.
Collaboration:
Collaborate with cross-functional teams, including IT, legal, and management, to address security incidents and implement preventive measures.
Provide expertise and guidance to other analysts.
Working with the Technical Teams to ensure all new and changed services are monitored accordingly
Documentation:
Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports.
Create post-incident reports for management and stakeholders.
Support the creation of monthly reporting packs as per contractual requirements.
Create and document robust event and incident management processes, Runbooks & Playbooks
Other responsibilities:
Involvement in scoping and standing up new solutions for new opportunities
Assisting Pre-Sales team with requirements on new opportunities
Demonstrations of SOC tools to clients
Continual Service Improvement - Recommendations for change to address incidents or persistent events.
What experience you'll bring:
What you will bring;
This role will be based on-site in Birminham, we need canddiates that are able to work in a job that involves 24/7 operations, this will probably be inshift patterns of 4 days on, 4 days off.
Must be able to obtain SC Clearance or already hold SC clearance.
Must have a good understanding on Incident Response approaches
Must have knowledge and hands-on knowledge of Microsoft Sentinel (or any SIEM tool).
Strong verbal and written English communication.
Strong interpersonal and presentation skills.
Strong analytical skills
Must have good understanding on network traffic flows and able to understand normal and suspicious activities.
Must have good understanding of Vulnerability Scanning and management as well as Ethical Hacking (Penetration Testing)
Ability to learn forensic techniques
Ability to reverse engineer attacks to understand what actions took place.
Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
Ability to work with minimal levels of supervision.
Willingness to work in a job that involves 24/7 operations or on-call.
Education Requirements & Experience
Minimum of 3 to 5 years of experience in the IT security industry, preferably working in a SOC/NOC environment.
Preferably holds Cyber Security Certification e.g. GIAC, ISC2, SC-200
Experience with Cloud platforms (AWS and/or Microsoft Azure)
Excellent knowledge of Microsoft Office products, especially Excel and Word
Reports to
Security Director – NTT DATA UK Security Practice
Client Delivery Director – NTT DATA UK Managed Services
Proud member of the Disability Confident employer scheme
Disability Confident
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.