Security Tooling EngineerAbout UsNTT DATA is one of the world’s largest global security services providers, with over 7,500 security SMEs. We work with leading security technology vendors and pride ourselves on delivering innovative and effective solutions. Our people, clients, and communities are at the core of what we do. We’re seeking individuals passionate about building a more secure and sustainable world.The Security Tooling Engineer is responsible for the operation, maintenance, integration, and optimization of security platforms and tools that support the delivery of security services across NTT DATA and Service Recipients. This role ensures that security tooling operates reliably, integrates seamlessly with enterprise infrastructure, and complies with governance requirements outlined.Key ResponsibilitiesPlatform Operations & MaintenanceOperate and maintain security platforms in accordance with agreed Service Level Agreements (SLAs) as defined in Service Levels and KPIsEnsure high availability, performance, and reliability of all security toolingMonitor platform health and proactively address performance issuesManage platform upgrades, patches, and version controlProvide monthly health and performance reports for all managed security platformsData Source Management & IntegrationManage onboarding of data sources to security platforms (e.g., log sources to SIEM)Configure data parsing, normalization, and enrichment to ensure data qualityDesign and maintain dashboards and visualizations for security monitoring and reportingEnsure integration with other Security Services and Tooling across the ecosystemIntegrate security tools with recipients clients or Global's Splunk SIEM, CMDB, and ticketing systemsImplement SSO (Single Sign-On) and MFA (Multi-Factor Authentication) integration with recipient clients or Global's identity and access management systemsAccess Management & GovernanceEnforce Role-Based Access Control (RBAC) across all security platformsConduct quarterly access reviews to ensure least-privilege accessManage user provisioning and deprovisioning for Global, Service Recipients, and authorized Supplier personnelMaintain auditable logs of all access changesEnsure all access changes are logged and auditable per clients requirementsConfiguration & Change ManagementManage security tool configurations in accordance with the Change Control ProcedureDocument all configuration changes and maintain configuration baselinesEnsure configuration changes are approved by Global and/or Service Recipients before implementationMaintain configuration management database (CMDB) entries for all security toolingSupport configuration audits and compliance reviewsVulnerability & Patch ManagementPerform vulnerability scans of security tooling platforms in line with Vulnerability Management Service requirementsApply patches within timelines defined by recipient clients or Global policies and standardsReport remediation status monthlyEscalate unpatched critical vulnerabilities immediately to recipient clients or Global serviceEnsure security tooling platforms comply with recipient client or Global's patching policiesIncident & Problem ManagementReport tooling-related incidents (outages, performance issues, security events) to Global and or Service Recipients immediatelySupport Third Party vendor cases where Supplier actions affect system availability, integrity, or confidentialityProvide written notice of vulnerability disclosures and critical defects in tooling without undue delayProvide impact assessments and work-around proposals for tooling issuesLog all tooling-related incidents and vulnerabilities in the agreed ticketing systemProvide monthly reports detailing incident trends, vulnerability status, and remediation progressTooling Replacement & MigrationSupport tooling replacement activities when recipient clients or Global decides to replace existing toolsParticipate in hypercare activities for Replacement Tooling up to and including implementation dateEnsure seamless migration of configurations, data, and integrations to new platformsRetrain on new tooling as required clientsCease use of Replaced Tooling by the specified replacement dateSecurity Tooling Portfolio ManagementManage and maintain the following categories of security tools:Security Operations ToolsSIEM (Security Information and Event Management) - e.g., SplunkEDR (Endpoint Detection and Response)SOAR (Security Orchestration, Automation and Response)Threat Intelligence PlatformsVulnerability Scanners (e.g., Qualys, Tenable)Brand Protection and Domain Monitoring ToolsCertificate Authority (CA) and PKI Management PlatformsSecurity Architecture & Engineering ToolsSAST (Static Application Security Testing) - e.g., Checkmarx, FortifyDAST (Dynamic Application Security Testing) - e.g., Burp Suite, OWASP ZAPSCA (Software Composition Analysis) - e.g., Snyk, Black DuckCSPM (Cloud Security Posture Management) - e.g., Prisma Cloud, WizContainer Scanning ToolsPenetration Testing ToolsInformation Security ToolsThird Party Risk Management PlatformsCase Management Systems for Third Party Security AssessmentsService Support ToolsSecurity Service Desk Ticketing Systems (e.g., Jira, ServiceNow)Reporting and Dashboard PlatformsExperienceMinimum 4 years of experience in security operations, security engineering, or IT systems administrationMinimum 2 years of hands-on experience with SIEM platforms (preferably Splunk)Proven experience managing security tooling in enterprise environmentsExperience with integration of security tools with enterprise infrastructure (IAM, CMDB, ticketing)Demonstrated experience with access management and RBAC implementationExperience with vulnerability management and patch management processesTechnical SkillsSecurity PlatformsSIEM: Splunk (required), QRadar, ArcSight, LogRhythm, SentinelEDR: CrowdStrike, Carbon Black, SentinelOne, Microsoft DefenderSOAR: Splunk Phantom, Palo Alto Cortex XSOAR, IBM ResilientVulnerability Management: Qualys, Tenable, Rapid7Threat Intelligence: Recorded Future, ThreatConnect, MISPIntegration & AutomationREST APIs and API integrationScripting: Python, PowerShell, BashAutomation tools: Ansible, Terraform, JenkinsData formats: JSON, XML, CSV, Syslog, CEFInfrastructure & NetworkingLinux and Windows server administrationNetworking fundamentals (TCP/IP, DNS, firewalls, proxies)Cloud platforms: AWS, Azure, GCPContainerization: Docker, KubernetesIdentity & Access ManagementSSO protocols: SAML, OAuth, OpenID ConnectMFA solutions: Duo, Okta, Azure MFALDAP/Active Directory integrationRBAC design and implementationData & ReportingLog management and parsingData normalization and enrichmentDashboard and visualization design (Splunk, Grafana, Kibana)Reporting and metricsFrameworks & StandardsClients Global Security Control FrameworkISO 27001, NIST Cybersecurity Framework, CIS BenchmarksITIL service management practicesChange management and configuration management