P3 Senior SOC Analyst (L3)
We are currently recruiting a Senior SOC Analyst L3 Managed Detection and Response to join our growing Security Operations Centre business.
This role will be hybrid variable Birmingham.
About Us
NTT DATA is one of the world’s largest Global Security services providers with over 7500 Security SMEs and Integration partner to many of the worlds most recognised Security Technology providers. We strive to hire exceptional, innovative, and passionate individuals who want to grow with us. In a constantly changing world, we work together with our people, clients and communities to enable them to fulfil their potential to do great things. We believe that by bringing everyone together, we can solve problems using innovative technology that can create a world that is sustainable and secure.
This is a great opportunity for you to play a pivotal role in helping to shape our client’s transformation journeys.
What you'll be doing:
What you will be doing;
\tThe primary function of the Senior SOC Analyst L3 is to manage any incidents escalated by the SOC Analyst (L1 & L2) and undertake the detailed investigation of the Security Event. The Senior SOC Analyst shall be able to look at all the evidence available and support the client on the appropraite action to contain and remediate any security incident. They will need to be able to provide root cause analysis and liaise with the custiomer and the Service Delivery Manager as well and ensuring the actions of the SOC Analysts follow best practice.Job Duties
\tSecurity Monitoring: & Investigation:\t\t\tMonitoring SIEM tools to assure high a level of security operations delivery function\t\tOversee and enhance security monitoring systems to detect and analyse potential security incidents.\t\tConduct real-time analysis of security events and incident and escalate as necessary\t\tSupport other teams on investigations into incidents, determining the root cause and impact.\t\tDocument findings and lessons learned to improve incident response procedures.\t\tEnsure runbooks are followed and are fit for purpose\t\t\tIncident Response:\t\t\tLead and coordinate incident response activities to effectively contain, eradicate, and recover from security incidents.\t\tDevelop and maintain incident response plans, ensuring they align with industry best practices.\t\tEscalation management in the event of a security incident\t\tFollow major incident process\t\t\tThreat Intelligence:\t\t\tStay abreast of the latest cybersecurity threats and vulnerabilities, integrating threat intelligence into security monitoring processes.\t\tContribute to the development of threat intelligence feeds to enhance proactive threat detection.\t\tProactively hunt for threats within enterprise environments using SIEM and EDR solutions.\t\tFine-tune SIEM detection rules, correlation alerts, and log sources to reduce false positives.\t\tAnalyse threat intelligence feeds, map findings to MITRE ATT&CK framework, and provide actionable security recommendations.\t\tCollaborate with SOC teams to investigate alerts, escalate incidents, and improve detection mechanisms.\t\tConduct adversary simulation exercises to test and improve detection capabilities.\t\tGenerate detailed reports on emerging threats, attack trends, and security posture improvements.\t\tMonitored and analysed security logs from SIEM platforms to identify suspicious activity.\t\t \t\t\tSecurity Tool Management:\t\t\tManage and optimise SIEM tools, ensuring they are properly configured and updated to maximize effectiveness.\t\tOwn the development and implementation of SOC Use Cases\t\tEvaluate new security technologies and recommend enhancements to the security infrastructure.\t\t\tCollaboration:\t\t\tCollaborate with cross-functional teams, including IT, legal, and management, to address security incidents and implement preventive measures.\t\tProvide expertise and guidance to other analysts.\t\tWorking with the Technical Teams to ensure all new and changed services are monitored accordingly\t\t\tDocumentation:\t\t\tMaintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports.\t\tCreate post-incident reports for management and stakeholders.\t\tSupport the creation of monthly reporting packs as per contractual requirements.\t\tCreate and document robust event and incident management processes, Runbooks & Playbooks\t\t\tOther responsibilities:\t\t\tInvolvement in scoping and standing up new solutions for new opportunities\t\tAssisting Pre-Sales team with requirements on new opportunities\t\tDemonstrations of SOC tools to clients\t\tContinual Service Improvement - Recommendations for change to address incidents or persistent event\t\t What experience you'll bring:What experience you'll bring;
\tMust be able to obtain SC Clearance or already hold SC clearance.\tMust have a good understanding on Incident Response approaches\tMust have knowledge and hands-on knowledge of Microsoft Sentinel (or any SIEM tool).\tStrong verbal and written English communication.\tStrong interpersonal and presentation skills.\tStrong analytical skills\tMust have good understanding on network traffic flows and able to understand normal and suspicious activities.\tMust have good understanding of Vulnerability Scanning and management as well as Ethical Hacking (Penetration Testing)\tAbility to learn forensic techniques\tAbility to reverse engineer attacks to understand what actions took place.\tKnowledge of ITIL disciplines such as Incident, Problem and Change Management.\tAbility to work with minimal levels of supervision.\tWillingness to work in a job that involves 24/7 operations or on call.\tThreat Hunting & Detection (IOC & IOA Analysis, TTP Profiling, Cyber Kill Chain)\tSIEM Fine-Tuning & Optimisation (QRadar, Splunk, Sentinel, ArcSight)\tIncident Response & Forensics (MITRE ATT&CK, DFIR, Log Analysis)\tThreat Intelligence Analysis\tSecurity Analytics & Automation (SOAR, YARA Rules, Sigma Rules)\tMalware Analysis & Reverse Engineering\tNetwork & Endpoint Security Monitoring (EDR, IDS/IPS, Firewalls)
Education Requirements & Experience
\tMinimum of 3 to 5 years of experience in the IT security industry, preferably working in a SOC/NOC environment.\tPreferably holds Cyber Security Certification e.g. ISC2 CISSP, GIAC, SC-200, Certified SOC Analyst\tExperience with Cloud platforms (AWS and/or Microsoft Azure)\tExcellent knowledge of Microsoft Office products, especially Excel and WordReports to
\tSecurity Director – NTT DATA UK Security Practice\tClient Delivery Director – NTT DATA UK Managed Service Who we are:We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA
what we'll offer you:We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
You can find more information about NTT DATA UK & Ireland here: https://uk.nttdata.com/
We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.