Junior SOC Engineer

The Junior SOC Engineer supports the operation, maintenance, and improvement of SOC detection and response capabilities under the guidance of senior SOC engineers. The role focuses on developing foundational engineering skills across SIEM management, detection use cases, playbooks, and incident support, working under the guidance of senior SOC engineers. The position contributes to improving threat detection, response consistency, and operational effectiveness within the SOC., SIEM Engineering & Operations

• Assist with the deployment, configuration, and ongoing maintenance of SIEM platforms and data feeds.
• Support onboarding, parsing, and normalisation of log sources across on-premises and cloud environments.
• Contribute to the creation, tuning, and maintenance of SIEM detection rules and correlation searches.
• Perform basic health checks and troubleshooting of SIEM data ingestion issues.
• Assist senior engineers and analysts during investigations and incident response activities.
• Support continuous improvement of detections based on incident findings and threat intelligence.
• Support integration of playbooks with SOAR platforms.
• Help update and refine playbooks based on lessons learned and feedback from incidents.
Threat Modelling & Use Case Development
• Participate in threat modelling activities using frameworks such as MITRE ATT&CK and STRIDE.
• Assist in translating threat models and attack techniques into SIEM detection use cases.
Reporting, Documentation & Collaboration
• Assist in building SOC dashboards and reports covering alert trends, incidents, and security posture.
• Maintain documentation for SIEM configurations, detection logic, runbooks, and playbooks.
• Support preparation of operational and monthly service reports as required.
• Collaborate with SOC analysts, engineers, IT, and cloud teams to support secure configurations and logging coverage., We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options., We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.
  
  Technical Skills
• Hands-on experience with SIEM platforms (querying, dashboards, alerts).
• Understanding of log formats, parsing, and data normalisation.
• Working knowledge of SIEM query languages such as SPL, KQL, or AQL.
• Basic scripting ability (Python and/or PowerShell) for automation and enrichment.
• Understanding of network traffic flows and the ability to recognise normal vs suspicious activity.
• Familiarity with vulnerability scanning and vulnerability management concepts.
• Foundational experience with SIEM technologies (e.g. Splunk/QRadar).
• Understanding of log data, alert workflows, and basic threat detection concepts.
• Awareness of common attack techniques and defensive frameworks (e.g. MITRE ATT&CK).
• Basic scripting or automation experience (Python, PowerShell - desirable).
• Good analytical skills and attention to detail.
• Clear written and verbal communication skills.
• Ability to follow defined processes and work effectively with minimal supervision.
Professional Skills
• Strong analytical and problem-solving skills.
• Clear verbal and written communication in English.
• Ability to work effectively as part of a SOC team with minimal supervision.
• Willingness to participate in an on-call rota as part of 24/7 SOC operations.
Education & Experience
• Experience in IT security, ideally within a SOC or NOC environment.
• Experience with ITSM tooling
• Exposure to cloud platforms such as Microsoft Azure and/or AWS.
• Proficiency with Microsoft Office tools, particularly Excel and Word.
• Relevant certifications desirable (e.g. SC-200, Splunk Certified Power User/Admin, GIAC, CISSP, QRadar, Chronicle).
Security Requirements Must be eligible for, or already hold, UK SC Clearance. Willingness to participate in shift patterns and/or on-call rotas where required. Ability to work in a secure environment and meet applicable clearance requirements.

At NTT DATA, you have endless opportunities to think big, act bold and take ownership. As a $30+ billion business and technology services, AI and digital infrastructure leader, we co-innovate solutions with clients and partners globally for business and societal impact. Serving 75% of the Fortune Global 100, with experts in over 70 countries, we encourage experimentation and recognize great work. Proudly a Global Top Employer, NTT DATA is part of NTT Group, which invests over $3 billion annually in R&D. Make this the place where you belong, learn, and build your network. Make this the place where you grow., "Upon joining the NTT DATA UK family, you will experience a culturally diverse organisation living our values of Clients First, Teamwork and Foresight as we partner with our customers every day. At NTT DATA UK, we are proud to support and invest in our people. We offer a variety of rewarding career paths and opportunities to develop professionally - with access to cutting edge innovation."