At a Glance
- Tasks: Join our team as a SOC Analyst Level 2, monitoring and investigating security incidents.
- Company: NTT DATA is a leading global security services provider with a focus on innovation and teamwork.
- Benefits: Enjoy flexible work options, continuous learning opportunities, and a supportive work environment.
- Other info: This role involves 24/7 operations with shift patterns of 4 days on, 4 days off.
- Why this job: Be part of a dynamic team shaping the future of cybersecurity while making a real impact.
- Qualifications: 3-5 years in IT security, knowledge of SIEM tools, and strong analytical skills required.
The predicted salary is between 36000 - 60000 € per year.
What you'll be doing:
UK Sovereign SOC
Security Analyst (Level 2)
The SOC Analyst (L2) plays a critical role in the detection, investigation, and management of security alerts and incidents escalated from SOC Analyst (L1) teams. The position focuses on in‑depth analysis, incident validation, tactical response coordination, and continuous improvement of security monitoring and response capabilities.
Operating within a 24/7 Security Operations Centre, the L2 Analyst serves as a technical escalation point for junior analysts, working closely with internal IT and security teams as well as customers to contain and remediate security incidents. The role contributes directly to improving detection quality, response efficiency, and the overall effectiveness of SOC operations.
What You Will Be Responsible For
You will investigate security alerts and events escalated from Level 1 analysts, validating and classifying activity to determine whether it represents a confirmed security incident. This includes performing detailed analysis to understand root cause, scope, impact, and attacker behaviour using SIEM platforms and supporting telemetry.
You will coordinate and support incident response activities in line with defined SOC and customer processes, assisting with containment, eradication, and recovery actions. During high‑severity or customer‑impacting incidents, you will follow major incident procedures and ensure timely, accurate escalation to stakeholders. You will provide technical guidance to L1 analysts during live incidents and help maintain investigation quality under pressure.
You will execute defined SOAR playbooks as part of incident response and provide structured feedback to improve automation, response consistency, and efficiency. You will maintain awareness of SOC performance metrics and service levels, such as MTTD and MTTR, and actively contribute to improving investigation quality and response outcomes.
You will apply threat intelligence to investigations and alert triage, maintaining awareness of emerging threats, vulnerabilities, and attacker techniques. Incident learnings and threat insights will be fed back into detection logic to continuously enhance SOC monitoring capabilities.
You will also contribute to the development and tuning of SOC detection use cases, ensuring alerting remains relevant, effective, and aligned to current threat activity. This includes supporting onboarding of new services, identifying detection gaps, and recommending improvements to tooling, processes, and coverage.
Clear and accurate documentation is a key part of the role. You will maintain investigation records, runbooks, and playbooks, produce post‑incident reports for customers and internal stakeholders, and contribute to operational and service reporting. You will help document and implement improvements to event and incident management processes.
Collaboration is essential. You will work closely with IT, security, and technical teams to resolve incidents and reduce risk, act as a mentor and escalation point for L1 analysts, and support continual service improvement by identifying recurring issues and proposing corrective actions.
What You’ll Bring
You will have hands‑on experience working with SIEM platforms such as Splunk, Microsoft Sentinel, or QRadar, and a strong understanding of incident response workflows and escalation management. You will be comfortable analysing security telemetry, understanding attacker behaviour, and applying log‑ and artefact‑based investigation techniques.
You will demonstrate strong analytical thinking, sound decision‑making, and the ability to remain effective during high‑pressure incidents. Clear, professional communication—both written and verbal—is essential, as is the ability to work independently while following and improving structured operational processes.
What experience you'll bring:
- 2–4 years’ experience in the IT security industry, ideally within a SOC or NOC environment, including experience operating at SOC L1 level
- Relevant cybersecurity certifications desirable (e.g. GIAC, CySA+, SC‑200)
- Experience working with cloud platforms such as Microsoft Azure and/or AWS
- Proficiency with Microsoft Office tools, particularly Excel and Word
Security & Working Requirements
- Eligibility for, or holding, UK SC Clearance
- Willingness to work within a 24/7 shift‑based SOC environment, including on‑call duties.
- Full time in Birmingham, probably 4 days on, 4 days off.
Who we are:
At NTT DATA, you have endless opportunities to think big, act bold and take ownership. As a $30+ billion business and technology services, AI and digital infrastructure leader, we co-innovate solutions with clients and partners globally for business and societal impact. Serving 75% of the Fortune Global 100, with experts in over 70 countries, we encourage experimentation and recognize great work. Proudly a Global Top Employer, NTT DATA is part of NTT Group, which invests over $3 billion annually in R&D. Make this the place where you belong, learn, and build your network. Make this the place where you grow.
What we'll offer you:
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
You can find more information about NTT DATA UK & Ireland here: https://uk.nttdata.com/
We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.
SOC Analyst Level 2 in Birmingham employer: NTT DATA
NTT DATA is an exceptional employer located in Birmingham, offering a dynamic work environment that prioritises innovation and collaboration. With a strong commitment to employee growth, we provide tailored benefits and continuous learning opportunities, ensuring our team members thrive both personally and professionally. Our inclusive culture fosters diversity and mutual respect, making NTT DATA a rewarding place to build a meaningful career in the ever-evolving field of cybersecurity.
StudySmarter Expert Advice🤫
We think this is how you could land SOC Analyst Level 2 in Birmingham
✨Tip Number 1
Familiarise yourself with the specific SIEM tools mentioned in the job description, especially Microsoft Sentinel. Having hands-on experience or even a solid understanding of how to configure and optimise these tools will set you apart from other candidates.
✨Tip Number 2
Stay updated on the latest cybersecurity threats and trends. Being able to discuss recent incidents or vulnerabilities during your interview will demonstrate your proactive approach and genuine interest in the field.
✨Tip Number 3
Prepare to showcase your analytical skills by discussing past experiences where you've successfully identified and resolved security incidents. Use specific examples that highlight your problem-solving abilities and teamwork in high-pressure situations.
✨Tip Number 4
Network with current or former employees of NTT DATA, if possible. Engaging with them can provide valuable insights into the company culture and expectations, which you can leverage during your application process.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in IT security, particularly in SOC/NOC environments. Emphasise your knowledge of incident response, SIEM tools like Microsoft Sentinel, and any cybersecurity certifications you hold.
Craft a Strong Cover Letter: In your cover letter, express your passion for cybersecurity and detail how your skills align with the responsibilities outlined in the job description. Mention specific experiences that demonstrate your analytical skills and ability to work under pressure.
Showcase Relevant Skills: Clearly list your technical skills related to security monitoring, incident response, and vulnerability management. Highlight your understanding of network traffic flows and any hands-on experience with ethical hacking or penetration testing.
Prepare for Potential Questions: Anticipate questions related to your experience with security incidents and your approach to incident response. Be ready to discuss how you stay updated on the latest cybersecurity threats and how you would handle specific scenarios.
How to prepare for a job interview at NTT DATA
✨Understand the Role
Make sure you have a solid grasp of what a SOC Analyst Level 2 does. Familiarise yourself with the key responsibilities, such as incident analysis and security monitoring. This will help you answer questions confidently and demonstrate your knowledge.
✨Showcase Your Technical Skills
Be prepared to discuss your hands-on experience with SIEM tools like Microsoft Sentinel. Highlight any relevant certifications or training you've completed, and be ready to explain how you've used these tools in past roles to manage security incidents.
✨Prepare for Scenario-Based Questions
Expect to face scenario-based questions that assess your problem-solving skills in real-time situations. Think about past incidents you've handled and be ready to walk the interviewer through your thought process and actions taken during those events.
✨Demonstrate Team Collaboration
Since this role involves working closely with IT and Security teams, be ready to discuss your experience collaborating with others. Share examples of how you've worked in a team to resolve security incidents or improve processes, showcasing your interpersonal skills.