Detection Engineer - NTT GDC - Hybrid in Greater London (Hemel Hempstead preferred)

London Colney
Engineer
Posted: 3h ago
Offer description

Senior Security Platform Engineer (Detection Engineer)
Business Unit: NTT Global Data Centers — Office of Information Security (GDC-OIS)
Work Model: Hybrid (up to 25% domestic/international travel)

Role Summary

The Senior Security Platform Engineer is an advanced subject matter expert responsible for facilitating problem resolution and mentoring across the NTT GDC-OIS team. This role is critical in improving, developing, and maintaining IT/OT vulnerability management programmes and processes. The role performs and leads specialised tasks in threat hunting, SIEM/SOAR, network security, and other operational security functions including performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning).

The Senior Security Platform Engineer is responsible for detecting and monitoring escalated threats and suspicious activity affecting the organisation's technology domain — servers, networks, appliances, and all infrastructure supporting production applications and services, as well as OT and development environments.

Key Responsibilities

  • Serve as a senior member of a 24/7 global GDC Cybersecurity team, providing leadership in IT/OT environments with required expertise in ICS and SCADA systems.
  • Lead the administration and optimisation of enterprise security platforms, overseeing lifecycle management including break-fix, patching, version upgrades, and integration with broader security ecosystems.
  • Direct complex security incident response efforts across multiple vectors — endpoint protection, EDR, malware analysis, network and computer forensics — ensuring rapid containment and root cause analysis.
  • Design and execute advanced vulnerability assessments using both automated and manual techniques; collaborate with stakeholders to prioritise remediation based on business risk and threat intelligence.
  • Oversee continuous monitoring of threat intelligence feeds and security alerts, proactively identifying emerging risks and recommending strategic countermeasures.
  • Interpret and synthesise threat reports to guide architectural improvements and validate the effectiveness of current security controls.
  • Partner with cross-functional teams to develop and implement enterprise-wide mitigation strategies, configuration baselines, and patch management frameworks.
  • Champion automation initiatives to streamline incident response, threat detection, and reporting workflows, leveraging available security platforms and scripting.
  • Maintain and evolve the knowledge base by authoring and reviewing technical articles, playbooks, and SOPs to ensure consistency and operational excellence.
  • Lead post-incident reviews, driving service recovery, documentation, and implementation of preventive measures across teams and vendors.
  • Provide expert-level guidance on specialised security domains and technologies, ensuring comprehensive and efficient resolution of escalated incidents.
  • Ensure meticulous incident logging and foster collaboration across internal teams, client IT environments, vendors, and carriers to expedite resolution.
  • Conduct advanced data correlation and threat hunting across diverse sources — network traffic, email logs, malware samples, web server logs, DNS records — to uncover stealthy threats and improve detection capabilities.
  • Lead strategic security projects, mentor junior engineers, and contribute to the evolution of the organisation's security posture through innovation and thought leadership.

Knowledge and Attributes

  • Advanced expertise in architecting, implementing, and optimising SIEM and security platforms across hybrid environments.
  • Demonstrated leadership in ICS and SCADA security integration and monitoring within critical infrastructure.
  • Deep knowledge of security architecture, with hands-on experience designing and integrating multi-layered security solutions across diverse technology stacks.
  • Strategic customer engagement mindset with a proactive approach to anticipating security needs, influencing stakeholders, and driving continuous improvement in service delivery.
  • Recognised as a strategic problem solver with a track record of resolving complex security challenges independently and leading cross-functional teams through ambiguity.
  • Exceptional attention to detail in high-stakes environments, ensuring precision in threat detection, incident response, and documentation that supports audit and compliance.
  • Advanced analytical acumen with the ability to synthesise threat intelligence, correlate multi-source data, and drive actionable insights for risk mitigation.
  • Polished spoken and written communication skills; English preferred.
  • Proven leadership in global security teams, fostering collaboration across departments, mentoring junior engineers, and driving alignment between security operations and business objectives.

Academic Qualifications and Certifications

  • Bachelor's degree or equivalent in Information Technology or a related field.
  • Security certifications preferred: CySA, PenTest, CCSP, GCIH, OSCP, CISM, CISSP, or equivalent.
  • IT certifications are an added advantage: CCNA, CCNP, RHCSA, GRID, GICSP, AZ-500, SC-200, or equivalent.

Required Experience

  • Advanced experience in security technologies (SIEM, PAM, IAM, PenTest, Threat Hunting, Firewall, Proxy, etc.), preferably within a global IT services organisation.
  • 5–10 years of experience working in IT and/or Security Operations Centres.
  • Data centre environment experience is an added plus.
  • Advanced experience in cloud security is a plus.
  • ICS and SCADA knowledge required.
  • Advanced experience in technical support to clients.
  • Advanced experience in diagnosis and troubleshooting.
  • Advanced experience providing remote support in security technologies.
  • Advanced experience in SOC/CSIRT operations.
  • Advanced experience handling security incidents end to end.
  • Advanced experience in security engineering.
  • Advanced knowledge of networking, Windows, Linux, and security concepts.
  • Advanced experience configuring and managing security controls such as RBAC, IAM, Zero Trust, UTM, Proxy, SOAR, etc.
  • Advanced knowledge of log collection mechanisms such as Syslog, log file, DB API.
  • Knowledge of security architecture.

Work Conditions

  • Hybrid position with occasional need to be on-site in a shared work environment.
  • Must be comfortable with flexible working schedules across US, EMEA, and APAC time zones.
  • Must be comfortable working in a highly critical, fast-paced environment with shifting priorities.
  • Domestic and/or international travel required, up to 25% of time.
  • Ability to perform work from a remote location with a stable internet connection.

NIST NICE Framework Alignment (v2.1.0)

The following work roles from the NICE Workforce Framework v2.1.0 map to this position. This mapping is provided to support standardised workforce planning and candidate sourcing.

Primary Work Roles (NICE ID, Work Role, Alignment Rationale):

  • PD-WRL-001 Defensive Cybersecurity: Analysing data from cybersecurity defence tools to mitigate risks; threat hunting, alert triage, data correlation across network traffic, email logs, DNS records, and malware samples.
  • PD-WRL-004 Infrastructure Support: Testing, implementing, deploying, maintaining, and administering infrastructure hardware and software for cybersecurity — maps directly to SIEM/SOAR platform lifecycle management, break-fix, patching, and version upgrades.
  • PD-WRL-003 Incident Response: Investigating, analysing, and responding to network cybersecurity incidents; leading post-incident reviews and implementing preventive measures.
  • PD-WRL-007 Vulnerability Analysis: Assessing systems and networks to identify deviations from acceptable configurations; designing and executing advanced vulnerability assessments; prioritising remediation based on business risk.

Secondary Work Roles (NICE ID, Work Role, Alignment Rationale):

  • DD-WRL-009 Operational Technology (OT) Cybersecurity Engineering: Designing and creating cybersecurity systems for OT environments — maps to the JD's ICS/SCADA requirement, including Purdue Model, OT protocol security, and zone/conduit architecture.
  • PD-WRL-006 Threat Analysis: Collecting, processing, analysing, and disseminating cybersecurity threat assessments; monitoring threat intelligence feeds; recommending strategic countermeasures.
  • DD-WRL-001 Cybersecurity Architecture: Ensuring security requirements are addressed across enterprise architecture; designing multi-layered security solutions across hybrid IT/OT environments.

Relevant Competency Areas (ID, Competency Area):

  • NF-COM-010 Operational Technology (OT) Security
  • NF-COM-001 Access Controls
  • NF-COM-004 Cloud Security
  • NF-COM-005 Communications Security
  • NF-COM-006 Cryptography
  • NF-COM-007 Cyber Resiliency
  • NF-COM-009 Operating Systems (OS) Security

Representative TKS Statements (Tasks, Knowledge, Skills):

The v2.1.0 framework uses TKS — not KSAs. The following are drawn from the work roles listed above.

Knowledge:

  • K0674: Knowledge of computer networking protocols
  • K0680: Knowledge of cybersecurity principles and practices
  • K0682: Knowledge of cybersecurity threats
  • K0683: Knowledge of cybersecurity vulnerabilities
  • K0691: Knowledge of cyber defence tools and techniques
  • K0692: Knowledge of vulnerability assessment tools and techniques
  • K0724: Knowledge of incident response principles and practices
  • K0725: Knowledge of incident response tools and techniques
  • K0732: Knowledge of intrusion detection tools and techniques
  • K0783: Knowledge of network attack characteristics
  • K0791: Knowledge of defence-in-depth principles and practices
  • K0831: Knowledge of network attack vectors
  • K0844: Knowledge of cyberattack stages
  • K0950: Knowledge of Intrusion Detection System (IDS) tools and techniques
  • K0951: Knowledge of Intrusion Prevention System (IPS) tools and techniques
  • K1131: Knowledge of cyber defence monitoring tools
  • K1144: Knowledge of data correlation tools and techniques
  • K1289: Knowledge of control system environment risks, threats, and vulnerabilities
  • K1293: Knowledge of Purdue Model levels
  • K1300: Knowledge of control system network architectures
  • K1308: Knowledge of OT network detection tools and techniques
  • K1309: Knowledge of OT protocols

Skills:

  • S0156: Skill in performing packet-level analysis
  • S0543: Skill in scanning for vulnerabilities
  • S0544: Skill in recognising vulnerabilities
  • S0566: Skill in developing signatures
  • S0567: Skill in deploying signatures
  • S0572: Skill in detecting host- and network-based intrusions
  • S0593: Skill in handling incidents
  • S0651: Skill in performing malware analysis
  • S0688: Skill in performing network data analysis
  • S0806: Skill in performing incident responses
  • S0866: Skill in performing log file analysis
  • S0874: Skill in performing network traffic analysis
  • S0941: Skill in identifying gaps in control system network and connectivity architecture
  • S0942: Skill in performing system recovery for control system environments
  • S0951: Skill in securing control system communication protocols and media

Tasks:

  • T0164: Perform cyber defence trend analysis and reporting
  • T1084: Identify anomalous network activity
  • T1085: Identify potential threats to network resources
  • T1109: Resolve cyber defence incidents
  • T1119: Recommend vulnerability remediation strategies
  • T1241: Document cybersecurity incidents
  • T1347: Detect cybersecurity attacks and intrusions
  • T1350: Perform continuous monitoring of system activity
  • T1386: Analyse network traffic anomalies
  • T1391: Reconstruct malicious attacks
  • T1582: Maintain currency of cyber defence threat conditions
  • T2031: Identify gaps in OT network architecture
  • T2037: Create cybersecurity inspection and test policies and procedures for OT systems
  • T2042: Generate cyberattack scenarios of serious physical consequence
  • T2049: Serve as OT engineering subject matter expert for cybersecurity standards, policies, and procedures
  • T2051: Train cybersecurity defence technicians on OT system processes and procedures

© 2026 Jobijoba - All Rights Reserved