The Senior SOC Analyst will play a crucial role in enhancing security operations by leveraging expertise in SIEM platforms such as Splunk and IBM QRadar. This position requires a minimum of 3-5 years of experience in the IT security industry, preferably within a SOC/NOC environment. The ideal candidate will possess relevant cybersecurity certifications and demonstrate strong analytical and communication skills. Responsibilities include developing analytical rules, incident response playbooks, and conducting threat modeling exercises. The role also involves monitoring security alerts and generating reports for stakeholders. The primary function of the Senior SOC Engineer is to enhance our security operations capabilities. This role requires deep expertise in SIEM platforms including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will be instrumental in building and optimizing our detection and response strategies. Job Duties • SIEM Engineering & Management o Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel, Defender, Chronicle). o Onboard and normalize log sources across cloud and on-prem environments. o Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis. • Playbook Development & Automation o Design and implement incident response playbooks for various threat scenarios (e.g., phishing, lateral movement, data exfiltration). o Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to automate triage and response. o Continuously refine playbooks based on threat intelligence and incident feedback. • Threat Detection & Response o Monitor and analyse security alerts and events to identify potential threats. o Perform in-depth investigations and coordinate incident response activities. o Collaborate with threat intelligence teams to enrich detection logic. • Threat Modelling & Use Case Development o Conduct threat modelling exercises using frameworks like MITRE ATT&CK, STRIDE, or Kill Chain. o Translate threat models into actionable detection use cases and SIEM rules. o Prioritize detection engineering efforts based on risk and business impact. • Reporting & Collaboration o Generate reports and dashboards for stakeholders on security posture and incident trends. o Work closely with IT, DevOps, and compliance teams to ensure secure system configurations. o Provide mentorship and guidance to junior analysts and engineers. o Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports. o Support the creation of monthly reporting packs as per contractual requirements. o Create and document robust event and incident management processes, Runbooks & Playbooks • Other responsibilities: o Involvement in scoping and standing up new solutions for new opportunities o Assisting Pre-Sales team with requirements on new opportunities o Demonstrations of SOC tools to clients o Continual Service Improvement - Recommendations for change to address incidents or persistent events. What experience youll bring: Skills Must be able to obtain SC Clearance or already hold SC clearance. • SIEM Expertise: Hands-on experience with at least two of the following: o Splunk o IBM QRadar o Microsoft Defender for Endpoint o Microsoft Sentinel o Google Chronicle • Technical Skills: o Strong knowledge of log formats, parsing, and normalization. o Experience with KQL, SPL, AQL, or other SIEM query languages. o Familiarity with scripting (Python, PowerShell) for automation and enrichment. • Security Knowledge: o Deep understanding of threat detection, incident response, and cyber kill chain. o Familiarity with MITRE ATT&CK, NIST, and CIS frameworks. • Strong verbal and written English communication. • Strong interpersonal and presentation skills. • Strong analytical skills • Must have good understanding on network traffic flows and able to understand normal and suspicious activities. • Must have good understanding of Vulnerability Scanning and management as well as Ethical Hacking (Penetration Testing) • Knowledge of ITIL disciplines such as Incident, Problem and Change Management. • Ability to work with minimal levels of supervision. • Willingness to work in a job that involves 24/7 on call. Education Requirements & Experience • Minimum of 3 to 5 years of experience in the IT security industry, preferably working in a SOC/NOC environment. • Preferably holds Cyber Security Certification e.g. ISC2 CISSP, GIAC, SC-200, Splunk Certified Admin/Power User, IBM QRadar Certified Specialist, Google Chronicle Security Engineer etc • Experience with Service Now Security suite • Experience with Cloud platforms (AWS and/or Microsoft Azure) • Excellent knowledge of Microsoft Office products, especially Excel and Word At NTT DATA, you have endless opportunities to think big, act bold and take ownership. As a $30 billion business and technology services, AI and digital infrastructure leader, we co-innovate solutions with clients and partners globally for business and societal impact. Serving 75% of the Fortune Global 100, with experts in over 70 countries, we encourage experimentation and recognize great work. Proudly a Global Top Employer, NTT DATA is part of NTT Group, which invests over $3 billion annually in R&D. Make this the place where you belong, learn, and build your network. Make this the place where you grow.