Cyber threat hunter

Woking
Capgemini
€50,000 a year
Posted: 12h ago
Offer description

About The Job You’re Considering

Embedded with an existing Customer SOC, Capgemini supplies a level of cyber expertise and corporate experience, assisting the customer in regular SOC activities, as well as proposing new processes and bringing “best practice” to the workplace.


The position is office-based in Wokingham, 5 days per week.

We are seeking a high-calibre Cyber Security Operations Centre (CSOC) Analyst to monitor and respond to threats in a Critical National Infrastructure (CNI) environment supporting essential energy operations. The role requires real-time security monitoring, triage, investigation, and early incident response, using security monitoring and incident/event management platforms to identify suspicious activity, validate alerts, and escalate confirmed incidents. It also involves continuous improvement: capturing lessons learned, tuning detections, and strengthening procedures and documentation.


Responsibilities


Monitoring & triage

* Monitor security events and alerts using industry-standard SIEM / incident & event management platforms (e.g., Elastic, Microsoft Sentinel, Splunk).
* Perform rapid triage to determine alert validity, severity, scope, and potential business/operational impact.
* Correlate related events and identify patterns across multiple alerts to reduce duplication and improve incident clarity.


Investigation & evidence‑led analysis

* Conduct investigations across endpoint, identity, network and log telemetry; build timelines and hypotheses grounded in evidence.
* Maintain high‑quality investigation records, including key evidence and the queries/search logic used to reach conclusions (to support peer review, auditability, and reliable handover).
* Apply foundational host‑based forensic concepts (e.g., process ancestry, persistence artefacts, lateral movement indicators, log integrity considerations).


Incident response & escalation

* Handle security incidents from initial identification through to handover to incident management / incident response, ensuring escalations are timely, complete, and actionable.
* Support containment/mitigation activities where authorised (e.g., coordinating response actions with relevant teams and tooling).


Continuous improvement & PIR learnings

* Custom rule creation: develop and fine‑tune detection rules and alerts to identify malicious activity; validate effectiveness and reduce false positives.
* Identify and implement lessons learned from incidents and post‑incident reviews (PIRs) to improve processes, runbooks, and detection logic.
* Contribute to a culture of quality and standardisation by improving documentation and operational practices.


Skills and Experience

* Strong technical communication skills in time‑pressed environments with excellent written communication (clear, structured incident notes and stakeholder updates).
* Strong foundational knowledge of incident and event management / SIEM platforms (e.g., Elastic / Sentinel / Splunk) and use of query languages used for investigations and detections (e.g., Kusto Query Language (KQL), ES|QL, Kibana Query Language).
* Understanding of attacker tactics, techniques, and procedures (TTPs), as well as of indicators of compromise (IOCs) and how to locate them in logs or telemetry.
* Evidence of keeping up to date with industry-specific threat trends, attacker tradecraft, and emerging defensive techniques.
* Experience of the complete lifecycle of security incidents: initial detection, triage, escalation to IR teams, response, remediation, and PIR learnings.


Desirable

* Deep understanding of one or more SIEM technologies; knowledge of Elastic is a bonus.
* GIAC / SANS certifications highly desired (or equivalent credible industry certifications aligned to SOC operations, incident handling, threat detection, or forensic fundamentals).


Disability Confident Employer

Capgemini is proud to be a Disability Confident Employer (Level 2) under the UK Government’s Disability Confident scheme. We will offer an interview to all candidates who declare they have a disability and meet the minimum essential criteria for the role. Please opt in during the application process.


Your security clearance and pre‑employment checks

To be successfully appointed to this role, a Security Check (SC) clearance is required. The successful applicant must have resided continuously within the United Kingdom for the last five years, along with other criteria and requirements. The recruitment process will include questions about security clearance eligibility such as country of residence and nationality. Some posts are restricted to sole UK nationals for security reasons.
