SOC Solutions Engineer - QRadar and Splunk

We are currently recruiting for a SOC Solutions Engineer with QRadar to join our growing Security Operations Centre business. This is a hybrid variable position based in Birmingham, London or Glasgow.

NTT Data is a leading Managed Service Provider (MSP) with a global reach empowering local teams, undertaking hugely exciting work and genuinely changing the world. We specialise in delivering cutting‑edge IT and cybersecurity solutions to a diverse client base, providing expert‑managed services to help clients protect data, comply with regulations and manage evolving cyber threats. This role is for a skilled Information Security Manager to join our team and be billed out to a key client to enhance their information security posture.

• The primary function of the Senior SOC Engineer is to enhance our security operations capabilities. This role requires deep expertise in SIEM platforms including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will be instrumental in building and optimizing our detection and response strategies.

• Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel, Defender, Chronicle).
• Onboard and normalise log sources across cloud and on‑prem environments.
• Develop and optimise analytical rules for threat detection, anomaly detection, and behavioural analysis.

Design and implement incident response playbooks for various threat scenarios, such as phishing, lateral movement, and data exfiltration.

Integrate playbooks with SOAR platforms (Microsoft Logic Apps, XSOAR) to automate triage and response.

Continuously refine playbooks based on threat intelligence and incident feedback.

Monitor and analyse security alerts and events to identify potential threats.

Perform in‑depth investigations and coordinate incident response activities.

Collaborate with threat intelligence teams to enrich detection logic.

Conduct threat modelling exercises using frameworks like MITRE ATT&CK, STRIDE, or Kill Chain.

Translate threat models into actionable detection use cases and SIEM rules.

Prioritise detection engineering efforts based on risk and business impact.

Generate reports and dashboards for stakeholders on security posture and incident trends.

Work closely with IT, DevOps, and compliance teams to ensure secure system configurations.

Provide mentorship and guidance to junior analysts and engineers.

Maintain accurate and up‑to‑date documentation of security procedures, incident response plans, and analysis reports.

Support the creation of monthly reporting packs as per contractual requirements.

Create and document robust event and incident management processes, runbooks and playbooks.

• Involvement in scoping and standing up new solutions for new opportunities.
• Assisting Pre‑Sales team with requirements on new opportunities.
• Demonstrations of SOC tools to clients.
• Continual Service Improvement – recommendations for change to address incidents or persistent events.

• Must be able to obtain SC clearance or already hold SC clearance.
• Hands‑on experience of IBM QRadar.
• Strong knowledge of log formats, parsing, and normalisation.
• Experience with KQL, SPL, AQL, or other SIEM query languages.
• Familiarity with scripting (Python, PowerShell) for automation and enrichment.
• Deep understanding of threat detection, incident response, and cyber kill chain.
• Familiarity with MITRE ATT&CK, NIST, and CIS frameworks.
• Strong verbal and written English communication.
• Strong interpersonal and presentation skills.
• Strong analytical skills.
• Good understanding of network traffic flows and ability to recognise normal and suspicious activities.
• Good understanding of vulnerability scanning and management as well as ethical hacking (penetration testing).
• Knowledge of ITIL disciplines such as incident, problem and change management.
• Ability to work with minimal supervision.
• Willingness to work in a 24/7 on‑call job.

• Minimum of 3‑5 years of experience in the IT security industry, preferably in a SOC / NOC environment.
• Preferably holds Cyber Security Certification (ISC² CISSP, GIAC, SC‑200, Splunk Certified Admin / Power User, IBM QRadar Certified Specialist, Google Chronicle Security Engineer, etc.).
• Experience with ServiceNow Security suite.
• Experience with cloud platforms (AWS and/or Microsoft Azure).
• Excellent knowledge of Microsoft Office products, especially Excel and Word.

• Security Director – NTT DATA UK Security Practice
• Client Delivery Director – NTT DATA UK Managed Services

We’re a business with a global reach that empowers local teams and undertakes hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues and clients on exciting projects. Our inclusive work environment prioritises mutual respect, accountability, continuous learning for all our people. This approach fosters collaboration, well‑being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.

For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA.

We offer a range of tailored benefits that support your physical, emotional, and financial well‑being. Our Learning and Development team ensures continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.

We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer and actively collaborate with individuals who have disabilities and long‑term health conditions to eliminate barriers. In line with our commitment, we guarantee an interview to applicants who declare a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.