Join NTT DATA as a SOC Engineer and play a pivotal role in defending clients against evolving cyber threats. You will leverage your expertise in SIEM platforms, threat detection, and incident response to strengthen security operations center (SOC) capabilities. Collaborating with cross-functional teams, you’ll develop automated playbooks, engineering use cases, and deploying advanced detection systems to ensure robust protection in a fast-paced, real-time environment.

Core Responsibilities

SIEM Engineering & Analytics

• Deploy, configure, and maintain SIEM platforms such as Splunk, QRadar, Sentinel, and Chronicle to enable robust threat detection.
• Normalize and onboard diverse log sources from cloud and on-premises environments for seamless monitoring.
• Develop and continually refine SIEM rules and queries for use cases involving advanced threat behaviors and anomaly detection.

Playbook Automation & Incident Response

• Design and implement incident response playbooks for threats such as phishing, lateral movement, malware infections, and more.
• Integrate response automation into SOAR platforms (e.g., XSOAR, Azure Logic Apps), reducing response times and manual overhead.
• Use feedback from simulated incidents and threat intelligence to refine existing playbooks and workflows.

Threat Detection & Response

• Monitor security alerts for potential threats, investigate incidents, and coordinate cross-team response activities.
• Collaborate with threat intelligence teams to enhance detection logic and fine-tune resolution processes.
• Perform root-cause analysis (RCA) of recurring incidents and help define corrective actions to reduce future risks.

Threat Modelling & Use Case Development

• Perform threat modeling using industry frameworks such as MITRE ATT&CK, STRIDE, or the Cyber Kill Chain.
• Design actionable SIEM use cases, detection rules, and workflows aligned with risk prioritization.
• Evaluate use-case effectiveness through continual testing and KPIs, prioritizing iteration based on business relevance.

Reporting & Documentation

• Develop dashboards and metrics-driven reports to showcase security posture and incident trends for leadership.
• Maintain detailed documentation of incident procedures, runbooks, playbooks, and analysis reports for audit or team use.
• Support monthly managerial reporting packs to present SOC effectiveness metrics (e.g., incident response times, detection improvements).

Training, Mentorship, & Pre-Sales Support

• Provide mentorship to junior SOC analysts, transferring technical expertise on threat detection and response best practices.
• Assist pre-sales teams by demonstrating SOC tools to prospective clients and refining operational delivery proposals.
• Scope, deploy, and operationalize new SOC solutions, benchmarking against industry and client expectations.