Security Operations Analyst

Capgemini Government Solutions (CGS) LLC is seeking highly motivated Security Operations Analyst to support our government clients. The successful applicant is responsible for monitoring, detecting, analyzing, and responding to security events across the organization's Microsoft GCC-High and Azure Government environments. This role supports the ongoing protection of systems and data governed by CMMC Level 2, NIST SP 800-171, and FedRAMP High requirements.

The position combines hands-on monitoring and triage with proactive threat hunting, vulnerability tracking, and security policy enforcement. The ideal candidate has experience using Microsoft Defender for Cloud, Defender for Endpoint, Sentinel, and other Microsoft security tools deployed within regulated cloud environments.

Job Responsibilities:

As a Security Operations Analyst, you will be responsible for:

Security Monitoring & Incident Response

• Monitor alerts and security events generated from Microsoft Sentinel, Defender for Cloud, Defender for Endpoint, Defender for Identity, and other SOC tools.
• Perform initial triage, correlation, and investigation of security incidents to determine severity and impact.
• Escalate confirmed incidents and support containment, eradication, and recovery actions.
• Document incident response steps, root-cause analysis, and lessons learned.
• Maintain 24O7 situational awareness coverage through rotating on-call or shift

Threat Detection & Analysis

• responsibilities as required.
• Conduct proactive threat hunting using Sentinel analytics, KQL queries, and custom detection rules.
• Analyze logs and telemetry from endpoints, firewalls, Azure resources, and AVD hosts for anomalous activity.
• Identify potential indicators of compromise (IOCs) and emerging threats within the Azure Government and M365 GCC-High ecosystems.
• Recommend tuning improvements to detections and correlation rules to reduce false positives.

Vulnerability & Patch Management

• Support regular vulnerability scans, review results, and track remediation activities.
• Collaborate with infrastructure and Intune teams to validate patch compliance across AVD and Windows 365 assets.
• Monitor Defender Vulnerability Management dashboards and report high-risk exposures to leadership.
• Assist in maintaining asset inventories, vulnerability baselines, and patch metrics.

Compliance, Audit, & CMMC Level 2 Support

• Support ongoing CMMC Level 2 and NIST SP 800-171 compliance efforts through control monitoring, evidence collection, and reporting.
• Maintain and update security-related documentation, including incident response plans, SIEM configurations, and POA&M items.
• Provide input to the System Security Plan (SSP) on monitoring and incident response controls.
• Participate in internal audits, tabletop exercises, and compliance reviews to ensure readiness.

Tool Administration & Optimization

• Administer SOC and security tools such as Microsoft Sentinel, Defender for Cloud, and Defender for Endpoint.
• Develop custom Sentinel workbooks, dashboards, and KQL queries for enhanced visibility.
• Integrate alerts with ServiceNow for incident and change management workflows.
• Support automation initiatives using Logic Apps, Playbooks, or PowerShell to streamline incident response.

Reporting & Continuous Improvement

• Produce daily and weekly SOC summaries, incident metrics, and trend analyses.
• Deliver executive-level reports summarizing threat activity, vulnerabilities, and remediation progress.
• Recommend improvements to SOC processes, escalation procedures, and documentation standards.
• Stay current on evolving threats, tools, and Microsoft security technologies applicable to Azure Government environments.

Required Qualifications:

• US Citizenship is required.
• Eligible to obtain and maintain a Government Security Clearance.
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.
• 3+ years of experience in cybersecurity or SOC operations.
• 1+ years working with Microsoft Sentinel, Defender for Cloud, and Defender for Endpoint.
• Experience in Azure Government and Microsoft 365 GCC-High environments.
• Practical experience in log analysis, incident response, and SIEM management.
• Familiarity with compliance frameworks including CMMC Level 2, NIST SP 800-171, and FedRAMP High.

Technical Skills:

• Proficiency with KQL (Kusto Query Language) and Sentinel analytics.
• Strong understanding of network security, endpoint protection, and cloud security monitoring.
• Experience in integrating alerts and workflows into ServiceNow or similar ITSM tools.
• Knowledge of Active Directory, Entra ID (Azure AD), and conditional access policies.
• Customer service including the resolution of customer escalations, incident handling, and response.

Soft Skills:

Excellent analytical, investigative, and communication skills; strong documentation discipline and attention to detail.

Nice to have skills/qualifications:

• Microsoft Certified: Cybersecurity Architect Expert or Azure Administrator Associate.
• Security+ (CompTIA), Microsoft Certified: Security Operations Analyst Associate, or equivalent.
• GIAC (GCIH, GCIA) or CISSP certification.
• Experience working with Defender for Identity, Purview, and Conditional Access policy design.
• Background in automation (Logic Apps, Power Automate, or PowerShell).
• Prior SOC experience supporting Federal or Defense Industrial Base (DIB) clients.
• Familiarity with incident ticket workflows, evidence collection, and reporting for CMMC Level 2 audits.

About Capgemini

Capgemini is a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong over 55-year heritage, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market leading capabilities in AI, generative AI, cloud and data, combined with its deep industry expertise and partner ecosystem. The Group reported 2024 global revenues of 22.1 billion.

Get the future you want | www.capgemini.com

Disclaimer

All qualified applicants will be considered for employment based on their skills, and merit.

Please be aware that Capgemini may capture your image (video or screenshot) during the interview process and that image may be used for verification, including during the hiring and onboarding process.

Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.

Capgemini discloses salary range information in compliance with state and local pay transparency obligations. The disclosed range represents the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting, although we may ultimately pay more or less than the disclosed range, and the range may be modified in the future. The disclosed range takes into account the wide range of factors that are considered in making compensation decisions including, but not limited to, geographic location, relevant education, qualifications, certifications, experience, skills, seniority, performance, sales or revenue-based metrics, and business or organizational needs. At Capgemini, it is not typical for an individual to be hired at or near the top of the range for their role. The base salary range for the tagged location is $90K-$120k.

This role may be eligible for other compensation including variable compensation, bonus, or commission. Full time regular employees are eligible for paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.