Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.
The primary function of the Tier 3 Analyst is to enhance our security operations capabilities. This role requires deep expertise in SIEM platforms including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will be instrumental in building and optimizing our detection and response strategies.
Job Duties
SIEM Engineering & Management
* Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel, Defender, Chronicle).
* Onboard and normalize log sources across cloud and on-prem environments.
* Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis.
Playbook Development & Automation
* Design and implement incident response playbooks for various threat scenarios (e.g., phishing, lateral movement, data exfiltration).
* Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to automate triage and response.
* Continuously refine playbooks based on threat intelligence and incident feedback.
Threat Detection & Response
* Monitor and analyse security alerts and events to identify potential threats.
* Perform in-depth investigations and coordinate incident response activities.
* Collaborate with threat intelligence teams to enrich detection logic.
Threat Modelling & Use Case Development
* Conduct threat modelling exercises using frameworks like MITRE ATT&CK, STRIDE, or Kill Chain.
* Translate threat models into actionable detection use cases and SIEM rules.
* Prioritize detection engineering efforts based on risk and business impact.
Reporting & Collaboration
* Generate reports and dashboards for stakeholders on security posture and incident trends.
* Work closely with IT, DevOps, and compliance teams to ensure secure system configurations.
* Provide mentorship and guidance to junior analysts and engineers.
* Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports.
* Support the creation of monthly reporting packs as per contractual requirements.
* Create and document robust event and incident management processes, runbooks, and playbooks.
Other responsibilities:
* Involvement in scoping and standing up new solutions for new opportunities.
* Assisting the Pre-Sales team with requirements on new opportunities.
* Demonstrations of SOC tools to clients.
* Continual Service Improvement: recommendations for change to address incidents or persistent events.
Skills
SIEM Expertise
* Splunk
* IBM QRadar
* Microsoft Defender for Endpoint
* Microsoft Sentinel
* Google Chronicle
Technical Skills
* Strong knowledge of log formats, parsing, and normalization.
* Experience with KQL, SPL, AQL, or other SIEM query languages.
* Familiarity with scripting (Python, PowerShell) for automation and enrichment.
Security Knowledge
* Deep understanding of threat detection, incident response, and cyber kill chain.
* Familiarity with MITRE ATT&CK, NIST, and CIS frameworks.
Other skills
* Strong verbal and written English communication.
* Strong interpersonal and presentation skills.
* Strong analytical skills.
* Must have a good understanding of network traffic flows and be able to distinguish normal from suspicious activity.
* Must have a good understanding of vulnerability scanning and management as well as ethical hacking (penetration testing).
* Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
* Ability to work with minimal levels of supervision.
* Willingness to work in a job that involves 24/7 on call.
Education Requirements & Experience
* Minimum of 3 to 5 years of experience in the IT security industry, preferably working in a SOC/NOC environment.
* Preferably holds a cyber security certification, e.g. ISC2 CISSP, GIAC, SC-200, Splunk Certified Admin/Power User, IBM QRadar Certified Specialist, Google Chronicle Security Engineer, etc.
* Experience with the ServiceNow Security suite.
* Experience with cloud platforms (AWS and/or Microsoft Azure).
* Excellent knowledge of Microsoft Office products, especially Excel and Word.
Workplace type:
Hybrid Working
About NTT DATA
NTT DATA is a $30+ billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world’s leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services. Our consulting and industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is part of NTT Group, which invests over $3 billion each year in R&D.
Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.
Third parties fraudulently posing as NTT DATA recruiters
NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters—whether in writing or by phone—to deceptively obtain personal data or money from you. All email communications will come from an @nttdata.com email address. If you suspect any fraudulent activity, please contact us.