About the job you’re considering
Embedded with an existing Customer SOC, Capgemini supplies a level of cyber expertise and corporate experience, assisting the customer in regular SOC activities, proposing new processes and bringing 'best practice' to the workplace. The position is office based in Wokingham 5 days per week.
Your role
We are seeking specialist high calibre Cyber Security Operations Centre (CSOC) Analysts to monitor and respond to threats in a Critical National Infrastructure (CNI) environment supporting essential energy operations. You will be responsible for real‑time security monitoring, triage, investigation, and early incident response, working with security monitoring and incident/event management platforms to identify suspicious activity, validate alerts, and escalation confirmed incidents. This is an operational role requiring strong technical judgement, clear written communication, and the ability to remain effective under time pressure. You will also contribute to continuous improvement by capturing lessons learned from incidents, helping tune detections, and strengthening procedures and documentation.
Responsibilities
* Monitor security events and alerts using industry‑standard SIEM/incident & event management platforms (Elastic, Microsoft Sentinel, Splunk).
* Perform rapid triage to determine alert validity, severity, scope, and potential business/operational impact.
* Correlate related events and identify patterns across multiple alerts to reduce duplication and improve incident clarity.
* Conduct investigations across endpoint, identity, network and log telemetry; build timelines and hypotheses grounded in evidence.
* Maintain high‑quality investigation records, including key evidence and the queries/search logic used to reach conclusions.
* Apply host‑based forensic concepts (process ancestry, persistence artefacts, lateral movement indicators, log integrity).
* Handle security incidents from initial identification through to handover to incident management / incident response, ensuring escalations are timely, complete and actionable.
* Support containment/mitigation activities where authorised.
* Develop and fine‑tune detection rules and alerts; validate effectiveness and reduce false positives.
* Identify and implement lessons learned from incidents and post‑incident reviews to improve processes, runbooks, and detection logic.
* Contribute to documentation and operational practice improvements.
Required skills and experience
* Strong technical communication skills in time‑pressured environments with excellent written communication.
* Foundational knowledge of incident and event management / SIEM platforms (Elastic, Sentinel, Splunk) and query languages (KQL, ES|QL, Kibana Query Language).
* Understanding of attacker tactics, techniques, and procedures (TTPs) and detection of indicators of compromise (IOCs).
* Evidence of keeping up‑to‑date with threat trends and defensive techniques.
* Experience with the complete lifecycle of security incidents from detection to PIR learnings.
* Security Check (SC) clearance required; eligibility: resident of the United Kingdom continuously for the last 5 years.
Desirable
* Deep understanding of one or more SIEM technologies; knowledge of Elastic is a bonus.
* GIAC / SANS certifications or equivalent credible industry certifications aligned to SOC operations, incident handling, threat detection, or forensic fundamentals.
Equal opportunity statement
We are a Disability Confident Employer (Level 2) and welcome applications from all candidates. We are an equal‑opportunity employer and comply with all applicable laws.
#J-18808-Ljbffr