Cybersecurity Analyst SOC L2
4 hours ago
**About Capgemini**
Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided every day by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of 270,000 team members in nearly 50 countries. With its strong 50-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fueled by the fast-evolving and innovative world of cloud, data, AI, connectivity, software, digital engineering and platforms. The Group reported in 2020 global revenues of EUR 16 billion.
Group Cybersecurity creates and manages global security policies, tracks compliance from Business Units and Global Business Lines, provides strong communications, training and awareness campaigns to employees, designs global security architecture based on threats and market evolution, and manages Group Cybersecurity Projects and Operations.
In order to keep building the team, Group Cybersecurity is looking for a Security Analyst SOC L2.
Professionals in this role help to protect an organization by employing a range of security tools, technologies and processes to prevent, detect and manage cyber threats.
You will be working within a team composed of 12 people located internationally as Group Cybersecurity Operations SOC. Your primary role would be to support all activities undertaken by the Threat Intelligence pillar.
You will work with the wider team to prioritize and schedule work within your pillar. You will work with various members of the team to develop and input into technical projects, report, and oversee progress to make sure goals are met.
**What you’ll be tasked with**:
You will be a member of the Security Operations Centre (SOC), a team that delivers specific Cybersecurity Services to the Capgemini Group. The role is focused on delivering Intrusion Detection / Prevention services and assisting with investigations resulting from escalated problems and security alerts from client security information & event management (SIEM) systems. Additional activities include periodic and ad-hoc host Vulnerability Assessments and Application security assessments. Security policy enforcement is also key, and is achieved through various assurance activities such as auditing firewalls and conducting privileged account reviews.
You will be responsible for ensuring the integrity of client IT infrastructures and protecting the information systems residing upon them from external and internal attack / compromise.
L2 analysts provide support to L1 services and analyse security events that have been triaged by L1 services or where further assistance is needed. This involves responding to incidents and determining the appropriate next steps for the investigation and any remediation action.
Analysts will operate as Subject Matter Experts and will provide the relevant assistance to the L1 SIEM analyst to support them. They will also initiate security incidents, creating tickets, and where appropriate, initiating the process leading to declaration of a major incident.
L2 Analysts will perform slow-time analysis of data to identify trends or other suspicious behavior that is not captured by use cases.
They are also responsible for the creation and maintenance of playbooks and other processes used by the team, along with some basic SIEM administration, including improvements such as Use Case creation and onboarding of devices already supported by the platform.
- Analytics and rule authoring
- Fine tuning of alerting
- Level 2 support for security incidents
- Validate, suggest or create knowledge base articles
- Review and update SIEM security incidents, suspicious events and analysis recommendations
- Work with L1 to decrease false positives
- Create/maintain dashboards, correlation rules, thresholds etc.
- Report review
**What you’ll need to excel in the role**:
- Knowledge and experience in IT Network Security
- IP Networking
- Experience in the use of Intrusion Detection systems, and in managing, responding to and tuning alerts
- Experience in conducting host vulnerability assessments
- Experience in the use of SIEM platforms, preferably IBM QRadar.
- Unix & Microsoft Administration
- Vulnerability Awareness / Understanding
- Experience using tools such as IBM Resilient, Falcon CrowdStrike, FireEye HX, VirusTotal Enterprise, Onyphe, ThreatQuotient, Shodan, etc.