Overview
The primary function of the Senior SOC Engineer is to enhance our security operations capabilities. This role requires deep expertise in SIEM platforms including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will be instrumental in building and optimizing our detection and response strategies.
Responsibilities
* SIEM Engineering & Management: Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel, Defender, Chronicle).
* Onboard and normalize log sources across cloud and on-prem environments.
* Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis.
* Playbook Development & Automation: Design and implement incident response playbooks for various threat scenarios (e.g., phishing, lateral movement, data exfiltration).
* Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to automate triage and response.
* Continuously refine playbooks based on threat intelligence and incident feedback.
* Threat Detection & Response: Monitor and analyse security alerts and events to identify potential threats.
* Perform in-depth investigations and coordinate incident response activities.
* Collaborate with threat intelligence teams to enrich detection logic.
* Threat Modelling & Use Case Development: Conduct threat modelling exercises using frameworks like MITRE ATT&CK, STRIDE, or Kill Chain.
* Translate threat models into actionable detection use cases and SIEM rules.
* Prioritize detection engineering efforts based on risk and business impact.
* Reporting & Collaboration: Generate reports and dashboards for stakeholders on security posture and incident trends.
* Work closely with IT, DevOps, and compliance teams to ensure secure system configurations.
* Provide mentorship and guidance to junior analysts and engineers.
* Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports.
* Support the creation of monthly reporting packs as per contractual requirements.
* Create and document robust event and incident management processes, Runbooks & Playbooks.
Other responsibilities
* Involvement in scoping and standing up new solutions for new opportunities.
* Assisting Pre-Sales team with requirements on new opportunities.
* Demonstrations of SOC tools to clients.
* Continual Service Improvement - Recommendations for change to address incidents or persistent events.
Benefits & Equal Opportunity
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.
Must be able to obtain SC Clearance or already hold SC clearance.
Qualifications
* SIEM Expertise: Hands-on experience with at least two of the following: Splunk, IBM QRadar, Microsoft Defender for Endpoint, Microsoft Sentinel, Google Chronicle.
* Technical Skills: Strong knowledge of log formats, parsing, and normalization. Experience with KQL, SPL, AQL, or other SIEM query languages. Familiarity with scripting (Python, PowerShell) for automation and enrichment.
* Security Knowledge: Deep understanding of threat detection, incident response, and cyber kill chain. Familiarity with MITRE ATT&CK, NIST, and CIS frameworks.
* Strong verbal and written English communication.
* Strong interpersonal and presentation skills.
* Strong analytical skills.
* Must have good understanding of network traffic flows and ability to distinguish normal vs suspicious activity.
* Must have good understanding of Vulnerability Scanning and management as well as Ethical Hacking (Penetration Testing).
* Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
* Ability to work with minimal supervision.
* Willingness to work in a role that involves 24/7 on-call.
* Education: Minimum of 3 to 5 years of experience in the IT security industry, preferably in a SOC/NOC environment.
* Certifications: Preferably holds Cyber Security Certification such as CISSP, GIAC, SC-200, Splunk Certified Admin/Power User, IBM QRadar Certified Specialist, Google Chronicle Security Engineer, etc.
* Experience with Service Now Security suite.
* Experience with Cloud platforms (AWS and/or Microsoft Azure).
* Excellent knowledge of Microsoft Office products, especially Excel and Word.
Education & Experience
Minimum of 3 to 5 years of experience in the IT security industry, preferably working in a SOC/NOC environment.
Must be able to obtain SC Clearance or already hold SC clearance.
At NTT DATA, you have endless opportunities to think big, act bold and take ownership. As a $30+ billion business and technology services, AI and digital infrastructure leader, we co-innovate solutions with clients and partners globally for business and societal impact. Serving 75% of the Fortune Global 100, with experts in over 70 countries, we encourage experimentation and recognize great work. Proudly a Global Top Employer, NTT DATA is part of NTT Group, which invests over $3 billion annually in R&D. Make this the place where you belong, learn, and build your network. Make this the place where you grow.
Upon joining the NTT DATA UK family, you will experience a culturally diverse organisation living our values of Clients First, Teamwork and Foresight as we partner with our customers every day. We are proud to support and invest in our people. We offer a variety of rewarding career paths and opportunities to develop professionally - with access to cutting edge innovation.
#J-18808-Ljbffr