SOC Solutions Engineer - QRadar and Splunk

Job in Birmingham, West Midlands, B1, England, UK
Listing for: NTT
Full Time position
Listed on 2026-01-12
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Job Description & How to Apply Below

JOB DESCRIPTION

The team you'll be working with:

SOC Solutions Engineer - QRadar

We are currently recruiting for a SOC Solutions Engineer with QRadar experience to join our growing Security Operations Centre business.

This is a hybrid variable position based in Birmingham OR London OR Glasgow.

About Us:

NTT Data is a leading Managed Service Provider (MSP) with a global reach that empowers local teams, undertaking hugely exciting work and genuinely changing the world.

We specialise in delivering cutting‑edge IT and cybersecurity solutions to our diverse client base. We provide expert‑managed services to help clients protect their data, comply with regulations, and manage evolving cyber threats. We are looking for a skilled Information Security Manager to join our team and be billed out to a key client to enhance their information security posture.

What you'll be doing:

The primary function of the Senior SOC Engineer is to enhance our security operations capabilities. This role requires deep expertise in SIEM platforms including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will be instrumental in building and optimizing our detection and response strategies.
SIEM Engineering & Management
  • Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel, Defender, Chronicle).
  • Onboard and normalize log sources across cloud and on‑prem environments.
  • Develop and optimise analytical rules for threat detection, anomaly detection, and behavioural analysis.
  • Playbook Development & Automation – Design and implement incident response playbooks for various threat scenarios (e.g., phishing, lateral movement, data exfiltration). Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to automate triage and response. Continuously refine playbooks based on threat intelligence and incident feedback.
  • Threat Detection & Response – Monitor and analyse security alerts and events to identify potential threats. Perform in‑depth investigations and coordinate incident response activities. Collaborate with threat intelligence teams to enrich detection logic.
  • Threat Modelling & Use Case Development – Conduct threat modelling exercises using frameworks like MITRE ATT&CK, STRIDE, or Kill Chain. Translate threat models into actionable detection use cases and SIEM rules. Prioritise detection engineering efforts based on risk and business impact.
  • Reporting & Collaboration – Generate reports and dashboards for stakeholders on security posture and incident trends. Work closely with IT, DevOps, and compliance teams to ensure secure system configurations. Provide mentorship and guidance to junior analysts and engineers. Maintain accurate and up‑to‑date documentation of security procedures, incident response plans, and analysis reports. Support the creation of monthly reporting packs as per contractual requirements. Create and document robust event and incident management processes, Runbooks & Playbooks.
  • Other responsibilities – Involvement in scoping and standing up new solutions for new opportunities, assisting Pre‑Sales team with requirements on new opportunities, demonstrations of SOC tools to clients, continual service improvement – recommendations for change to address incidents or persistent events.
What experience you'll bring:
  • Must be able to obtain SC Clearance or already hold SC clearance.
  • Technical Skills:
    Strong knowledge of log formats, parsing, and normalization. Experience with KQL, SPL, AQL, or other SIEM query languages. Familiarity with scripting (Python, PowerShell) for automation and enrichment.
  • Security Knowledge:
    Deep understanding of threat detection, incident response, and cyber kill chain. Familiarity with MITRE ATT&CK, NIST, and CIS frameworks.
  • Strong verbal and written English communication.
  • Strong interpersonal and presentation skills.
  • Strong analytical skills.
  • Must have good understanding of network traffic flows and be able to recognise normal and suspicious activities.
  • Must have good understanding of vulnerability scanning and management as well as…