JOB DESCRIPTION
The team you'll be working with:
Security Tooling Engineer
About Us
NTT DATA is one of the world’s largest global security services providers, with over 7,500 security SMEs. We work with leading security technology vendors and pride ourselves on delivering innovative and effective solutions. Our people, clients, and communities are at the core of what we do. We’re seeking individuals passionate about building a more secure and sustainable world.
What you'll be doing:
The Security Tooling Engineer is responsible for the operation, maintenance, integration, and optimization of security platforms and tools that support the delivery of security services across NTT DATA and Service Recipients. This role ensures that security tooling operates reliably, integrates seamlessly with enterprise infrastructure, and complies with governance requirements outlined.
Key Responsibilities
Platform Operations & Maintenance
1. Operate and maintain security platforms in accordance with agreed Service Level Agreements (SLAs) as defined in Service Levels and KPIs
2. Ensure high availability, performance, and reliability of all security tooling
3. Monitor platform health and proactively address performance issues
4. Manage platform upgrades, patches, and version control
5. Provide monthly health and performance reports for all managed security platforms
Data Source Management & Integration
6. Manage onboarding of data sources to security platforms (, log sources to SIEM)
7. Configure data parsing, normalization, and enrichment to ensure data quality
8. Design and maintain dashboards and visualizations for security monitoring and reporting
9. Ensure integration with other Security Services and Tooling across the ecosystem
10. Integrate security tools with recipients clients or Global's Splunk SIEM, CMDB, and ticketing systems
11. Implement SSO (Single Sign-On) and MFA (Multi-Factor Authentication) integration with recipient clients or Global's identity and access management systems
Access Management & Governance
12. Enforce Role-Based Access Control (RBAC) across all security platforms
13. Conduct quarterly access reviews to ensure least-privilege access
14. Manage user provisioning and deprovisioning for Global, Service Recipients, and authorized Supplier personnel
15. Maintain auditable logs of all access changes
16. Ensure all access changes are logged and auditable per clients requirements
Configuration & Change Management
17. Manage security tool configurations in accordance with the Change Control Procedure
18. Document all configuration changes and maintain configuration baselines
19. Ensure configuration changes are approved by Global and/or Service Recipients before implementation
20. Maintain configuration management database (CMDB) entries for all security tooling
21. Support configuration audits and compliance reviews
Vulnerability & Patch Management
22. Perform vulnerability scans of security tooling platforms in line with Vulnerability Management Service requirements
23. Apply patches within timelines defined by recipient clients or Global policies and standards
24. Report remediation status monthly
25. Escalate unpatched critical vulnerabilities immediately to recipient clients or Global service
26. Ensure security tooling platforms comply with recipient client or Global's patching policies
Incident & Problem Management
27. Report tooling-related incidents (outages, performance issues, security events) to Global and or Service Recipients immediately
28. Support Third Party vendor cases where Supplier actions affect system availability, integrity, or confidentiality
29. Provide written notice of vulnerability disclosures and critical defects in tooling without undue delay
30. Provide impact assessments and work-around proposals for tooling issues
31. Log all tooling-related incidents and vulnerabilities in the agreed ticketing system
32. Provide monthly reports detailing incident trends, vulnerability status, and remediation progress
Tooling Replacement & Migration
33. Support tooling replacement activities when recipient clients or Global decides to replace existing tools
34. Participate in hypercare activities for Replacement Tooling up to and including implementation date
35. Ensure seamless migration of configurations, data, and integrations to new platforms
36. Retrain on new tooling as required clients
37. Cease use of Replaced Tooling by the specified replacement date
Security Tooling Portfolio Management
Manage and maintain the following categories of security tools:
Security Operations Tools
38. SIEM (Security Information and Event Management) -, Splunk
39. EDR (Endpoint Detection and Response)
40. SOAR (Security Orchestration, Automation and Response)
41. Threat Intelligence Platforms
42. Vulnerability Scanners (, Qualys, Tenable)
43. Brand Protection and Domain Monitoring Tools
44. Certificate Authority (CA) and PKI Management Platforms
Security Architecture & Engineering Tools
45. SAST (Static Application Security Testing) -, Checkmarx, Fortify
46. DAST (Dynamic Application Security Testing) -, Burp Suite, OWASP ZAP
47. SCA (Software Composition Analysis) -, Snyk, Black Duck
48. CSPM (Cloud Security Posture Management) -, Prisma Cloud, Wiz
49. Container Scanning Tools
50. Penetration Testing Tools
Information Security Tools
51. Third Party Risk Management Platforms
52. Case Management Systems for Third Party Security Assessments
Service Support Tools
53. Security Service Desk Ticketing Systems (, Jira, ServiceNow)
54. Reporting and Dashboard Platforms
Exit & Offboarding Support
55. Upon expiry/termination of tooling contracts or at Global's request:
56. Return all configurations, runbooks, and artifacts
57. Ensure orderly transfer of Supplier-created content
58. Support account de-provisioning
59. Return/destroy data per Global/Service Recipient policies
60. Provide detailed handover plans for tooling transition to Global, Service Recipients, or Replacement Suppliers
What experience you'll bring:
Certifications (Required)
At least one of the following:
61. Splunk Certified Admin / Splunk Certified Architect
62. Certified Information Systems Security Professional (CISSP)
63. GIAC Security Essentials (GSEC)
64. CompTIA Security+
Certifications (Preferred)
65. Vendor-specific certifications for managed tools (, Qualys, Tenable, Palo Alto Networks)
66. ITIL Foundation or higher
67. Cloud certifications (AWS, Azure, GCP)
68. Automation certifications (Ansible, Terraform)
Experience
69. Minimum 4 years of experience in security operations, security engineering, or IT systems administration
70. Minimum 2 years of hands-on experience with SIEM platforms (preferably Splunk)
71. Proven experience managing security tooling in enterprise environments
72. Experience with integration of security tools with enterprise infrastructure (IAM, CMDB, ticketing)
73. Demonstrated experience with access management and RBAC implementation
74. Experience with vulnerability management and patch management processes
Technical Skills
Security Platforms
75. SIEM: Splunk (required), QRadar, ArcSight, LogRhythm, Sentinel
76. EDR: CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender
77. SOAR: Splunk Phantom, Palo Alto Cortex XSOAR, IBM Resilient
78. Vulnerability Management: Qualys, Tenable, Rapid7
79. Threat Intelligence: Recorded Future, ThreatConnect, MISP
Integration & Automation
80. REST APIs and API integration
81. Scripting: Python, PowerShell, Bash
82. Automation tools: Ansible, Terraform, Jenkins
83. Data formats: JSON, XML, CSV, Syslog, CEF
Infrastructure & Networking
84. Linux and Windows server administration
85. Networking fundamentals (TCP/IP, DNS, firewalls, proxies)
86. Cloud platforms: AWS, Azure, GCP
87. Containerization: Docker, Kubernetes
Identity & Access Management
88. SSO protocols: SAML, OAuth, OpenID Connect
89. MFA solutions: Duo, Okta, Azure MFA
90. LDAP/Active Directory integration
91. RBAC design and implementation
Data & Reporting
92. Log management and parsing
93. Data normalization and enrichment
94. Dashboard and visualization design (Splunk, Grafana, Kibana)
95. Reporting and metrics
Frameworks & Standards
96. Clients Global Security Control Framework
97. ISO 27001, NIST Cybersecurity Framework, CIS Benchmarks
98. ITIL service management practices
99. Change management and configuration management
Soft Skills
100. Strong problem-solving and troubleshooting abilities
101. Excellent attention to detail
102. Effective communication skills (written and verbal)
103. Ability to work collaboratively across teams
104. Customer service orientation
105. Ability to manage multiple priorities and deadlines
106. Proactive and self-motivated
Key Performance Indicators (KPIs)
107. Platform uptime and availability (per SLA targets)
108. Incident response time for tooling issues
109. Monthly health report delivery timeliness and quality
110. Access review completion rate (quarterly)
111. Vulnerability remediation timeliness
112. Integration success rate (new data sources, new tools)
113. User satisfaction with tooling performance
114. Compliance with stated requirements
Who we are:
We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA
what we'll offer you:
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
You can find more information about NTT DATA UK & Ireland here:
We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.
Back to search
Email to a friend
Apply now