Overview
This role will be based on‑site in Birmingham. Candidates must be able to work 24/7 operations, with shift patterns of 4 days on, 4 days off.
Responsibilities
* Analyze incidents escalated by SOC Analyst (L1) and conduct detailed investigations of security events. Determine incident classification and coordinate with customer IT and security teams for resolution.
* Security Monitoring & Investigation:
o Monitor SIEM tools to maintain high levels of security operations delivery.
o Enhance security monitoring systems to detect and analyze potential incidents.
o Conduct real‑time analysis of security events and incidents, escalating as necessary.
o Support other teams in incident investigations to determine root cause and impact.
o Document findings and lessons learned to improve incident response procedures.
o Ensure runbooks are followed and remain fit for purpose.
* Incident Response:
o Lead and coordinate incident response activities to contain, eradicate, and recover from security incidents.
o Develop and maintain incident response plans aligned with industry best practices.
o Manage escalation during security incidents.
o Follow major incident processes.
* Threat Intelligence:
o Stay abreast of latest cybersecurity threats and vulnerabilities; integrate threat intelligence into monitoring processes.
o Contribute to developing threat intelligence feeds for proactive detection.
* Security Tool Management:
o Manage and optimize SIEM tools for maximum effectiveness.
o Own development and implementation of SOC use cases.
o Evaluate new security technologies and recommend infrastructure enhancements.
* Collaboration:
o Collaborate with IT, legal, and management teams to address incidents and implement preventive measures.
o Provide expertise and guidance to other analysts.
o Work with technical teams to ensure all new and changed services are properly monitored.
* Documentation:
o Maintain accurate documentation of security procedures, incident response plans, and reports.
o Create post‑incident reports for management and stakeholders.
o Support creation of monthly reporting packs as per contractual requirements.
o Document robust event and incident management processes, runbooks, and playbooks.
* Other Responsibilities:
o Participate in scoping and standing up new solutions for new opportunities.
o Assist pre‑sales team with requirements for new opportunities.
o Demonstrate SOC tools to clients.
o Recommend continual service improvements to address incidents or persistent events.
Qualifications
* Must be able to obtain or already hold SC clearance.
* Good understanding of incident response approaches.
* Hands‑on knowledge of Microsoft Sentinel (or any SIEM tool).
* Strong verbal and written English communication.
* Strong interpersonal and presentation skills.
* Strong analytical skills.
* Understanding of network traffic flows and ability to identify normal vs. suspicious activities.
* Knowledge of vulnerability scanning and management, as well as ethical hacking (penetration testing).
* Ability to learn forensic techniques.
* Ability to reverse engineer attacks.
* Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
* Ability to work with minimal supervision.
* Willingness to work in a 24/7 operations/on‑call environment.
Education & Experience
* Minimum 3‑5 years of experience in the IT security industry, preferably in a SOC/NOC environment.
* Preferably holds a cyber security certification (e.g., GIAC, ISC2, SC‑200).
* Experience with cloud platforms (AWS and/or Microsoft Azure).
* Excellent knowledge of Microsoft Office products, especially Excel and Word.
NTT DATA is one of the world's largest global security services providers with over 7,500 security SMEs and partners with many of the world's most recognized security technology providers. We strive to hire exceptional, innovative, and passionate individuals who want to grow with us. In a constantly changing world, we work together with our people, clients and communities to enable them to fulfill their potential and do great things. We believe that by bringing everyone together, we can solve problems using innovative technology that can create a world that is sustainable and secure.