SOC Analyst

• U.S Citizenship: Required

Role will eventually be in Austin, TX must be willing to work there when required.

Responsibilities:

• Investigate alerts from any/all monitoring platforms as they occur.

• This includes SIEMs, Endpoint tools, IDS, etc.

• Function as an escalation point for investigations from "Level I" (L1) analysts requiring assistance/further investigation.

• Working with analysts (as needed) to investigate and triage security incidents for which they may be unfamiliar and require assistance.

• Assisting L1 analysts with investigations under increased examination by the customer - such as those that are returned by the customer or being presented.

• Performing spot-checks (as needed) of L1 analysts' investigations for accuracy.

• Function as an SME for one or more technology areas supported by the SOC.

• This may include internal technologies used for monitoring customers or customer-owned platforms.

• The SME is responsible for keeping all relevant procedural documentation up to date in the Capgemini SOC Field Manual.

• The SME is responsible for performing training on supported platforms (as needed).

• The SME is responsible for interfacing with internal and customer teams (as needed) to support the technology for monitoring purposes. This may include being involved in projects objectives.

• Internal Status, Meetings, Etc.

• Weekly status reports are not currently required by L2 analysts but may be in the future.

• Task tracking of objectives defined by SOC Leadership may be required.

• Participation and/or ownership of internal analyst meetings may be required (as needed).

Client Responsibilities:

• Function as a technical point of contact for one or more customers.

• This includes establishing a relationship with counterparts at the customer to help execute the Statement of Work (SOW) and Standard Operating Procedure (SOP). These documents should be converted into procedures and kept up to date by the L2.

• Take the lead on any investigations which require further examination by the customer.

• If applicable function as a liaison between internal and customer's teams to support monitoring.

• This may include working with other internal MDR teams to improve monitoring capabilities or to support current operations

Requirements:

• Security Event Detection, Triage, Analysis, and Response, Investigative Process, Remediation Techniques, Documenting Findings, Log Analysis, Host-based Analysis

• Network Traffic Analysis, Email Analysis, OSINT, Cyber Kill Chain, MITRE

• Experience with SIEM platforms, such as: Devo, Elastic, Splunk ES, QRadar, SumoLogic, Azure Sentinel, AlienVault, NetWitness, ArcSight

• Experience with Endpoint Protection platforms, such as: SentinelOne, CrowdStrike Falcon, Tanium, Endgame, MDE/MS Defender, Symantec Endpoint Protection, Cybereason, McAfee ePO

Experience with SOAR platforms, such as:

• Cortex XSOAR, Siemplify, Splunk Phantom, IBM Resilient, Swimlane

• Experience with other security monitoring or data collection platforms, such as: MISP. Proofpoint, Gigamon ThreatINSIGHT/FortiNDR (or other IDS/IPS tools)

• Sandbox platforms (Joe Sandbox, VMRay, Hatching, etc.)

• Ticketing Systems (ServiceNow, Archer, Jira, etc.)

• Working Hours: Non-traditional business hours (ex. Potentially night, with one weekend day) as needed or as part of a scheduled shift.

• Education: Bachelor's degree or higher preferred

• Experience: 4+ Years in a 24x7 security operations environment, previous L1 Analyst type role

• Certifications: Security industry specific certifications are a plus (SEC+, NET+, CEH, GCIH, GCFA, OSCP etc.)

• The L2 analyst is responsible for working an assigned shift. This may be any shift timeslot assigned by SOC Leadership.

• All shifts are based on a four 10-hour shift schedule (i.e., all shifts last 10 hours and take place on four consecutive days for a total of 40 hours per week). This schedule is assigned by SOC Leadership and may change at the discretion of management.

About Capgemini

Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided everyday by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of nearly 350,000 team members in more than 50 countries. As we leverage cloud, data, AI, connectivity, software, digital engineering, and platforms to address the entire breadth of business needs, this passion drives a powerful commitment. To unlock the true value of technology for your business, our planet, and society for a more inclusive, sustainable future.

Get The Future You Want | www.capgemini.com

About Cloud Infrastructure Services (CIS):

CIS powers enterprises' business and technology digital transformation by accelerating change, reinforcing cybersecurity, empowering employees, managing complexity, and fostering adaptability. Working across sectors in 50+ countries, our 30,000 cloud professionals apply our world-class expertise with cloud leaders to offer bespoke, ongoing cloud, infrastructure, cybersecurity, digital workplace, and enterprise service management support.

Leveraging our close partnerships with leading cloud vendors and advanced intelligence from our global operations centers, our CIS teams are trusted by clients to securely navigate in today's dynamic business environments, driving forward business value so they get the future they want. Our unique approach to infrastructure connects solutions, services, and suppliers to implement integrated solutions across the IT supply chain, public and private clouds, and legacy environments, helping clients optimize their digital transformation journeys.

Our five key service areas are:

• Cloud Services: Exploiting the cloud at speed and scale

• Employee Experience Services: Making the "future of work" work for our clients

• Cybersecurity Services: Securing Foundations to Create Open Futures

• Enterprise Service Management: Taking charge of complexity to drive business value

• Infrastructure Services: Managing and modernizing IT estates

Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.

Please be aware that Capgemini may capture your image (video or screenshot) during the interview process. That image may be used for verification, including during the hiring and onboarding.