SOC Analyst L2-Senior Security Managed Services Engineer

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive.

Your day at NTT DATA

The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to / support on project work as and when required.

What you'll be doing

Key Responsibilities:

• Proactively monitors the work queues.
• Performs operational tasks to resolve all incidents/requests in a timely manner and within the agreed SLA.
• Updates tickets with resolution tasks performed.
• Identifies, investigates, analyses issues and errors prior to or when they occur, and logs all such incidents in a timely manner.
• Captures all required and relevant information for immediate resolution.
• Provides second level support to all incidents, requests and identifies the root cause of incidents and problems.
• Communicates with other teams and clients for extending support.
• Executes changes with clear identification of risks and mitigation plans to be captured into the change record.
• Follows the shift handover process highlighting any key tickets to be focused on along with a handover of upcoming critical tasks to be carried out in the next shift.
• Escalates all tickets to seek the right focus from CoE and other teams, if needed continue the escalations to management.
• Works with automation teams for effort optimization and automating routine tasks.
• Ability to work across various other resolver group (internal and external) like Service Provider, TAC, etc.
• Identifies problems and errors before they impact a client’s service.
• Provides Assistance to L1 Security Engineers for better initial triage or troubleshooting.
• Leads and manages all initial client escalation for operational issues.
• Contributes to the change management process by logging all change requests with complete details for standard and non-standard including patching and any other changes to Configuration Items.
• Ensures all changes are carried out with proper change approvals.
• Plans and executes approved maintenance activities.
• Audits and analyses incident and request tickets for quality and recommends improvements with updates to knowledge articles.
• Produces trend analysis reports for identifying tasks for automation, leading to a reduction in tickets and optimization of effort.
• May also contribute to / support on project work as and when required.
• May work on implementing and delivering Disaster Recovery functions and tests.
• Performs any other related task as required.

Experience: 5+ years

Education: BE/BTech in Computer Science/Electronics/ECE/EE/ECS/IT Engineering or MCA

Certifications: At least one security certifications viz. CCSA/CEH/CompTIA/GCIH/GCIA

Competencies

• At least one SIEM solution certifications with one or more SIEM/ Security solutions (i.e., RSA NetWitness, Splunk ES, Elastic ELK, HP ArcSight, IBM QRadar Log Rhythm).

• Minimum overall 5 years of experience in handling security related products & services in a reputed organization out of which 3 years’ experience should be in SIEM solution.

• Person should have adequate knowledge of security devices like firewalls, IPS, Web Application Firewall, DDOS, EDR, Incident response, SOAR and other security devices

• Administration of SIEM environment (e.g.: deployment of solution, user management, managing the licenses, upgrades and patch deployment, addition or deletion of log sources, configuration management, change management, report management, manage backup and recovery, etc.)

• Construction of SIEM content required to produce Content Outputs (e.g., filters, active lists, correlation rules, reports, report templates, queries, trends, variables)

• Integration of customized threat intelligence content feeds provided by the Threat Intelligence & Analytics service

• Identifies possible sensor improvements to prevent incidents

• Collects/updates threat intelligence feeds from various sources

• Creates situational awareness briefings

• Co-ordinates with the different departments for incident analysis, containment and remediation

• Liaise with Security monitoring team to discover repeatable process that lead to new content development

• Provides engineering analysis and architectural design of technical solutions

• Knowledge of networking protocols and technologies and network security

• Sound analytical and troubleshooting skill

Knowledge and Attributes:

• Ability to communicate and work across different cultures and social groups.
• Ability to plan activities and projects well in advance, and takes into account possible changing circumstances.
• Ability to maintain a positive outlook at work.
• Ability to work well in a pressurized environment.
• Ability to work hard and put in longer hours when it is necessary.
• Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting.
• Ability to adapt to changing circumstances.
• Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey.

Key Responsibilities:

• Proactively monitors the work queues.
• Performs operational tasks to resolve all incidents/requests in a timely manner and within the agreed SLA.
• Updates tickets with resolution tasks performed.
• Identifies, investigates, analyses issues and errors prior to or when they occur, and logs all such incidents in a timely manner.
• Captures all required and relevant information for immediate resolution.
• Provides second level support to all incidents, requests and identifies the root cause of incidents and problems.
• Communicates with other teams and clients for extending support.
• Executes changes with clear identification of risks and mitigation plans to be captured into the change record.
• Follows the shift handover process highlighting any key tickets to be focused on along with a handover of upcoming critical tasks to be carried out in the next shift.
• Escalates all tickets to seek the right focus from CoE and other teams, if needed continue the escalations to management.
• Works with automation teams for effort optimization and automating routine tasks.
• Ability to work across various other resolver group (internal and external) like Service Provider, TAC, etc.
• Identifies problems and errors before they impact a client’s service.
• Provides Assistance to L1 Security Engineers for better initial triage or troubleshooting.
• Leads and manages all initial client escalation for operational issues.
• Contributes to the change management process by logging all change requests with complete details for standard and non-standard including patching and any other changes to Configuration Items.
• Ensures all changes are carried out with proper change approvals.
• Plans and executes approved maintenance activities.
• Audits and analyses incident and request tickets for quality and recommends improvements with updates to knowledge articles.
• Produces trend analysis reports for identifying tasks for automation, leading to a reduction in tickets and optimization of effort.
• May also contribute to / support on project work as and when required.
• May work on implementing and delivering Disaster Recovery functions and tests.
• Performs any other related task as required.

Workplace type:

On-site Working

About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.