London, United Kingdom
45 days ago
Security Engineer
The team you'll be working with:

Security Tooling Engineer

About Us

NTT DATA is one of the world’s largest global security services providers, with over 7,500 security SMEs. We work with leading security technology vendors and pride ourselves on delivering innovative and effective solutions. Our people, clients, and communities are at the core of what we do. We’re seeking individuals passionate about building a more secure and sustainable world.

What you'll be doing:

 

The Security Tooling Engineer is responsible for the operation, maintenance, integration, and optimization of security platforms and tools that support the delivery of security services across NTT DATA and Service Recipients. This role ensures that security tooling operates reliably, integrates seamlessly with enterprise infrastructure, and complies with governance requirements outlined.

Key Responsibilities

Platform Operations & Maintenance

- Operate and maintain security platforms in accordance with agreed Service Level Agreements (SLAs) as defined in Service Levels and KPIs
- Ensure high availability, performance, and reliability of all security tooling
- Monitor platform health and proactively address performance issues
- Manage platform upgrades, patches, and version control
- Provide monthly health and performance reports for all managed security platforms

Data Source Management & Integration

- Manage onboarding of data sources to security platforms (e.g., log sources to SIEM)
- Configure data parsing, normalization, and enrichment to ensure data quality
- Design and maintain dashboards and visualizations for security monitoring and reporting
- Ensure integration with other Security Services and Tooling across the ecosystem
- Integrate security tools with recipient clients or Global's Splunk SIEM, CMDB, and ticketing systems
- Implement SSO (Single Sign-On) and MFA (Multi-Factor Authentication) integration with recipient clients or Global's identity and access management systems

Access Management & Governance

- Enforce Role-Based Access Control (RBAC) across all security platforms
- Conduct quarterly access reviews to ensure least-privilege access
- Manage user provisioning and deprovisioning for Global, Service Recipients, and authorized Supplier personnel
- Maintain auditable logs of all access changes
- Ensure all access changes are logged and auditable per client requirements

Configuration & Change Management

- Manage security tool configurations in accordance with the Change Control Procedure
- Document all configuration changes and maintain configuration baselines
- Ensure configuration changes are approved by Global and/or Service Recipients before implementation
- Maintain configuration management database (CMDB) entries for all security tooling
- Support configuration audits and compliance reviews

Vulnerability & Patch Management

- Perform vulnerability scans of security tooling platforms in line with Vulnerability Management Service requirements
- Apply patches within timelines defined by recipient clients or Global policies and standards
- Report remediation status monthly
- Escalate unpatched critical vulnerabilities immediately to recipient clients or Global service
- Ensure security tooling platforms comply with recipient client or Global's patching policies

Incident & Problem Management

- Report tooling-related incidents (outages, performance issues, security events) to Global and/or Service Recipients immediately
- Support Third Party vendor cases where Supplier actions affect system availability, integrity, or confidentiality
- Provide written notice of vulnerability disclosures and critical defects in tooling without undue delay
- Provide impact assessments and work-around proposals for tooling issues
- Log all tooling-related incidents and vulnerabilities in the agreed ticketing system
- Provide monthly reports detailing incident trends, vulnerability status, and remediation progress

Tooling Replacement & Migration

- Support tooling replacement activities when recipient clients or Global decides to replace existing tools
- Participate in hypercare activities for Replacement Tooling up to and including implementation date
- Ensure seamless migration of configurations, data, and integrations to new platforms
- Retrain on new tooling as required clients
- Cease use of Replaced Tooling by the specified replacement date

Security Tooling Portfolio Management

Manage and maintain the following categories of security tools:

Security Operations Tools

- SIEM (Security Information and Event Management) - e.g., Splunk
- EDR (Endpoint Detection and Response)
- SOAR (Security Orchestration, Automation and Response)
- Threat Intelligence Platforms
- Vulnerability Scanners (e.g., Qualys, Tenable)
- Brand Protection and Domain Monitoring Tools
- Certificate Authority (CA) and PKI Management Platforms

Security Architecture & Engineering Tools

- SAST (Static Application Security Testing) - e.g., Checkmarx, Fortify
- DAST (Dynamic Application Security Testing) - e.g., Burp Suite, OWASP ZAP
- SCA (Software Composition Analysis) - e.g., Snyk, Black Duck
- CSPM (Cloud Security Posture Management) - e.g., Prisma Cloud, Wiz
- Container Scanning Tools
- Penetration Testing Tools

Information Security Tools

- Third Party Risk Management Platforms
- Case Management Systems for Third Party Security Assessments

Service Support Tools

- Security Service Desk Ticketing Systems (e.g., Jira, ServiceNow)
- Reporting and Dashboard Platforms

Exit & Offboarding Support

Upon expiry/termination of tooling contracts or at Global's request:

- Return all configurations, runbooks, and artifacts
- Ensure orderly transfer of Supplier-created content
- Support account de-provisioning
- Return/destroy data per Global/Service Recipient policies
- Provide detailed handover plans for tooling transition to Global, Service Recipients, or Replacement Suppliers

What experience you'll bring:

Certifications (Required)

At least one of the following:

- Splunk Certified Admin / Splunk Certified Architect
- Certified Information Systems Security Professional (CISSP)
- GIAC Security Essentials (GSEC)
- CompTIA Security+

Certifications (Preferred)

- Vendor-specific certifications for managed tools (e.g., Qualys, Tenable, Palo Alto Networks)
- ITIL Foundation or higher
- Cloud certifications (AWS, Azure, GCP)
- Automation certifications (Ansible, Terraform)

Experience

- Minimum 4 years of experience in security operations, security engineering, or IT systems administration
- Minimum 2 years of hands-on experience with SIEM platforms (preferably Splunk)
- Proven experience managing security tooling in enterprise environments
- Experience with integration of security tools with enterprise infrastructure (IAM, CMDB, ticketing)
- Demonstrated experience with access management and RBAC implementation
- Experience with vulnerability management and patch management processes

Technical Skills

Security Platforms

- SIEM: Splunk (required), QRadar, ArcSight, LogRhythm, Sentinel
- EDR: CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender
- SOAR: Splunk Phantom, Palo Alto Cortex XSOAR, IBM Resilient
- Vulnerability Management: Qualys, Tenable, Rapid7
- Threat Intelligence: Recorded Future, ThreatConnect, MISP

Integration & Automation

- REST APIs and API integration
- Scripting: Python, PowerShell, Bash
- Automation tools: Ansible, Terraform, Jenkins
- Data formats: JSON, XML, CSV, Syslog, CEF

Infrastructure & Networking

- Linux and Windows server administration
- Networking fundamentals (TCP/IP, DNS, firewalls, proxies)
- Cloud platforms: AWS, Azure, GCP
- Containerization: Docker, Kubernetes

Identity & Access Management

- SSO protocols: SAML, OAuth, OpenID Connect
- MFA solutions: Duo, Okta, Azure MFA
- LDAP/Active Directory integration
- RBAC design and implementation

Data & Reporting

- Log management and parsing
- Data normalization and enrichment
- Dashboard and visualization design (Splunk, Grafana, Kibana)
- Reporting and metrics

Frameworks & Standards

- Clients Global Security Control Framework
- ISO 27001, NIST Cybersecurity Framework, CIS Benchmarks
- ITIL service management practices
- Change management and configuration management

Soft Skills

- Strong problem-solving and troubleshooting abilities
- Excellent attention to detail
- Effective communication skills (written and verbal)
- Ability to work collaboratively across teams
- Customer service orientation
- Ability to manage multiple priorities and deadlines
- Proactive and self-motivated

Key Performance Indicators (KPIs)

- Platform uptime and availability (per SLA targets)
- Incident response time for tooling issues
- Monthly health report delivery timeliness and quality
- Access review completion rate (quarterly)
- Vulnerability remediation timeliness
- Integration success rate (new data sources, new tools)
- User satisfaction with tooling performance
- Compliance with stated requirements

 

Who we are:

We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.

Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.

For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA

What we'll offer you:

We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.

You can find more information about NTT DATA UK & Ireland here: https://uk.nttdata.com/

We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.
