SOC Solutions Engineer
NTT DATA – Birmingham, England, United Kingdom
Hybrid variable position based in our Birmingham or London office.
About Us
NTT DATA is a leading Managed Service Provider (MSP) with a global reach, empowering local teams and delivering cutting‑edge IT and cybersecurity solutions. We provide expert‑managed services that protect clients’ data, support regulatory compliance and defend against evolving cyber threats.
Role Overview
We are recruiting a SOC Solutions Engineer to enhance our Security Operations Centre (SOC) by building and optimizing detection, response and playbook capabilities across SIEM platforms.
Responsibilities
- Deploy, configure and maintain SIEM platforms such as Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel and Google Chronicle.
- Onboard and normalize log sources across cloud and on‑prem environments.
- Develop, optimize and maintain analytical rules for threat detection, anomaly detection and behavioural analysis.
- Design and implement incident response playbooks for various threat scenarios (e.g., phishing, lateral movement, data exfiltration).
- Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to automate triage and response.
- Continuously refine playbooks based on threat intelligence and incident feedback.
- Monitor and analyze security alerts and events to identify potential threats.
- Perform in‑depth investigations and coordinate incident response activities.
- Collaborate with threat intelligence teams to enrich detection logic.
- Conduct threat modelling exercises using frameworks such as MITRE ATT&CK, STRIDE or the Kill Chain.
- Translate threat models into actionable detection use cases and SIEM rules.
- Prioritize detection engineering efforts based on risk and business impact.
- Generate reports and dashboards for stakeholders on security posture and incident trends.
- Work closely with IT, DevOps and compliance teams to ensure secure system configurations.
- Provide mentorship and guidance to junior analysts and engineers.
- Maintain accurate and up‑to‑date documentation of security procedures, incident response plans and analysis reports.
- Support the creation of monthly reporting packs as per contractual requirements.
- Document robust event and incident management processes, runbooks and playbooks.
- Assist in scoping and standing up new solutions for new opportunities.
- Support the Pre‑Sales team with requirements on new opportunities.
- Demonstrate SOC tools to clients.
- Recommend changes to address incidents or persistent events as part of continual service improvement.
Qualifications
- Minimum 3‑5 years of IT security experience, preferably in SOC/NOC environments.
- Hands‑on SIEM expertise – Splunk or QRadar (highly preferred).
- Strong knowledge of log formats, parsing and normalization.
- Experience with KQL, SPL, AQL or other SIEM query languages.
- Proficiency in scripting for automation – Python or PowerShell.
- Deep understanding of threat detection, incident response and cyber kill chain.
- Familiarity with MITRE ATT&CK, NIST and CIS frameworks.
- Strong verbal and written communication skills.
- Strong analytical and interpersonal skills.
- Good understanding of network traffic flows and ability to identify normal and suspicious activity.
- Knowledge of vulnerability scanning, management and ethical hacking (penetration testing).
- Experience with ITIL disciplines – Incident, Problem and Change Management.
- Ability to work with minimal supervision.
- Willingness to work in a 24/7 on‑call environment.
Education & Certifications
- Preferred certifications: ISC2 CISSP, GIAC, SC-200, Splunk Certified Admin/Power User, IBM QRadar Certified Specialist, Google Chronicle Security Engineer.
- Experience with ServiceNow Security Operations is a plus.
- Experience with cloud platforms (AWS and/or Microsoft Azure).
- Excellent knowledge of Microsoft Office, especially Excel.
Benefits
We offer a range of tailored benefits that support physical, emotional and financial well‑being, continuous learning and development opportunities, flexible work options and a diverse, inclusive working environment.
Equal Opportunity Employer
We are an equal opportunities employer. We believe in fair treatment of all employees and commit to promoting equity and diversity in employment practices. We are proud to be a Disability Confident and Committed Employer, committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long‑term health conditions. If you require reasonable adjustments during the recruitment process, please let us know.
- Location: Birmingham, England, United Kingdom
- Salary: £80,000 - £100,000
- Job Type: Full-time
- Category: Other