Soc Analyst Level 2

Overview

NTT DATA Birmingham, United Kingdom is recruiting for a Senior Associate level Managed Detection and Response SOC Analyst Level 2 to join our Security Operations Centre. This role is on-site in Birmingham and involves 24/7 operations, likely in a shift pattern of 4 days on, 4 days off.

About Us

NTT DATA is one of the world’s largest Global Security services providers with over 7500 Security SMEs and integration partners to many of the world’s most recognised Security Technology providers. We strive to hire exceptional, innovative, and passionate individuals who want to grow with us. We work with our people, clients and communities to enable them to fulfil their potential and to do great things. We believe that by bringing everyone together, we can solve problems using innovative technology that creates a sustainable and secure world.

What you will be doing

• The primary function of the SOC Analyst (L2) is to analyse incidents escalated by the SOC Analyst (L1) and undertake detailed investigation of security events, determining whether an event will be classified as an incident.
• Coordinate with the customer IT and security teams for resolution of security incidents.

Main Duties

• Security Monitoring and Investigation: monitor SIEM tools to deliver high-quality security operations, oversee and enhance monitoring systems to detect and analyse potential security incidents.
• Conduct real-time analysis of security events and incidents and escalate as necessary.
• Support other teams on investigations, determine root cause and impact.
• Document findings and lessons learned to improve incident response procedures.
• Ensure runbooks are followed and fit for purpose.
• Lead and coordinate incident response activities to contain, eradicate, and recover from security incidents.
• Develop and maintain incident response plans aligned with industry best practices.
• Manage escalation in the event of security incidents and follow major incident processes.
• Stay abreast of latest cybersecurity threats and vulnerabilities, integrating threat intelligence into monitoring processes.
• Contribute to threat intelligence feeds to enhance proactive detection.
• Security Tool Management: manage and optimise SIEM tools, ensure proper configuration and updates; own the development and implementation of SOC use cases.
• Evaluate new security technologies and recommend enhancements.
• Collaborate with cross-functional teams to address security incidents and implement preventive measures.
• Provide expertise and guidance to other analysts; ensure new/changed services are monitored.
• Documentation: maintain up-to-date documentation of security procedures, incident response plans, and analysis reports; create post-incident reports for management and stakeholders; support monthly reporting packs as per contractual requirements; create and document robust event and incident management processes, runbooks and playbooks.
• Other responsibilities: involvement in scoping and standing up new solutions; assist Pre-Sales with requirements; demonstrate SOC tools to clients; continual service improvement with recommendations for changes to address incidents.

What you will bring

• Must be able to work on-site in Birmingham with 24/7 operations (4 days on, 4 days off).
• Must be able to obtain SC Clearance or already hold SC clearance.
• Strong understanding of Incident Response approaches.
• Ideally knowledge and hands-on experience with Splunk or QRadar.
• Strong interpersonal and presentation skills; strong analytical skills.
• Good understanding of network traffic flows and ability to identify normal vs. suspicious activity.
• Good understanding of Vulnerability Scanning and management as well as Ethical Hacking (Penetration Testing).
• Ability to learn forensic techniques and reverse engineer attacks to understand actions taken.
• Knowledge of ITIL disciplines (Incident, Problem, Change Management).
• Ability to work with minimal supervision; willingness to work in a 24/7 or on-call environment.

Education Requirements & Experience

• Minimum 3–5 years of experience in IT security, preferably in a SOC/NOC environment.
• Cyber Security Certifications preferred (e.g., GIAC, ISC2, SC-200).
• Experience with Cloud platforms (AWS and/or Microsoft Azure).
• Excellent knowledge of Microsoft Office products, especially Excel and Word.

Reports to

• Security Director – NTT DATA UK Security Practice
• Client Delivery Director – NTT DATA UK Managed Services

We are an equal opportunities employer and are committed to promoting equity and diversity. We also recognise the Disability Confident scheme and guarantee an interview to applicants who declare a disability and meet the minimum requirements. If you require reasonable adjustments during the recruitment process, please let us know.