The SOC Analyst is a frontline, shift‑based role operating within a 24/7 Security Operations Centre. The role is responsible for monitoring, triaging, analysing, and investigating security alerts and events using SIEM and SOAR platforms to detect potential security incidents and protect monitored environments.
Working within defined procedures, runbooks, and escalation paths, the SOC Analyst performs initial investigations, validates alerts, and supports incident response activities. The role requires strong attention to detail, disciplined execution, and the ability to work effectively in a high‑volume, operational environment.
What You Will Do
You will continuously monitor security alerts, logs, and event data across customer and internal environments, identifying suspicious or malicious activity. You will triage and analyse alerts to determine whether they represent potential security or service incidents, and prioritise them in line with defined security incident management policies.
You will conduct first‑line investigations using SIEM, SOAR, and supporting security tools, validating alerts, gathering relevant evidence, and assessing initial impact and severity. Where indicators of compromise or attack activity are identified, you will recognise successful or unsuccessful attack attempts and escalate to senior analysts or incident responders with clear context.
You will support incident containment and remediation activities by following runbooks and customer guidance, ensuring actions are documented and carried out consistently. High‑quality case management is a core responsibility: you will create and maintain incident tickets, record investigation steps and findings, and produce clear incident summaries and investigation notes using internal knowledge bases and research.
You will contribute to post‑incident reviews by sharing findings and identifying opportunities to improve detection, response, or operational processes. You will also apply threat intelligence provided by the SOC to support alert analysis and investigations.
Operational discipline is essential. You will follow defined SOC procedures, documentation standards, and shift‑handover processes, ensuring continuity across shifts. You will participate fully in the 24/7 shift rota, working collaboratively with other analysts to maintain consistent monitoring coverage.
What You’ll Bring
You will have at least one year working as a SOC Analyst at level 1 or similar, with a foundational understanding of cyber security concepts, including TCP/IP networking, common log sources, and basic attack techniques. You will be comfortable working with a SIEM platform such as Splunk, Microsoft Sentinel, or an equivalent tool, and have basic knowledge of common operating systems including Windows, Linux, and macOS.
You will demonstrate strong analytical and problem‑solving skills, with the ability to assess alerts, follow investigative processes, and make sound decisions within defined procedures. Clear written and verbal communication skills are essential, particularly for accurate ticketing, escalation, and shift handover.
You will be able to work calmly and effectively in a shift‑based operational environment, managing workload and maintaining focus during periods of high alert volume. You will be comfortable following procedures, working with minimal supervision, and continuously learning from feedback and operational experience. Awareness of scripting, query languages, or rule‑based detection is advantageous but not required.
Experience & Qualifications
* You will have at least one year working as a SOC Analyst at level 1 or similar.
* Experience or strong interest in cyber security or IT operations
* Entry‑level or foundation cyber security certifications desirable (CySA+, SC‑200)
* Experience with cloud platforms such as Microsoft Azure and/or AWS is desirable
* Proficiency with Microsoft Office tools, particularly Excel and Word
Security & Working Requirements
* Eligibility for, or holding, UK SC Clearance
* Willingness to work within a 24/7 shift‑based SOC environment
Who we are:
We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well‑being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together
What we’ll offer you:
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
For more information on NTT DATA UK & Ireland please click here: NTT DATA
We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a Disability Confident Committed Employer: we want to see every candidate performing at their best throughout the job application and interview process. If you require any reasonable adjustments during the recruitment process, please let us know. We look forward to hearing from you.