Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you'd like, where you'll be supported and inspired by a collaborative community of colleagues around the world, and where you'll be able to reimagine what's possible. Join us and help the world's leading organizations unlock the value of technology and build a more sustainable, more inclusive world. 

Job Description

SOC Analyst (L1~L3)

Responsibilities:

Operations & Monitoring

• Oversee daily SOC operations including threat monitoring, alert triage, incident investigation, and response coordination.
• Ensure that security incidents are detected, analyzed, prioritized, contained, and remediated efficiently.
• Maintain operational awareness of active incidents, emerging threats, and vulnerabilities.
• Ensure alignment of SOC processes with organizational policies, SLAs, and compliance requirements. 

Technology & Process Optimization

• Manage and optimize SOC tools and technologies, including SIEM, SOAR, EDR/XDR, NDR, and threat intelligence platforms.
• Drive integration and automation initiatives to improve detection efficiency and reduce analyst fatigue.
• Collaborate with security engineering teams to fine-tune correlation rules, detection logic, and data ingestion pipelines.
• Develop and maintain incident response playbooks, escalation procedures, and reporting templates. 

Threat Management & Response 

• Coordinate with the Incident Response, Threat Hunting, and Threat Intelligence teams for proactive defence and rapid incident containment.
• Review major incidents, lead post-incident reviews (PIRs), and ensure lessons learned are applied.
• Maintain strong situational awareness of the global threat landscape and adjust detection strategies accordingly.
• Governance, Reporting & Continuous Improvement
• Report on SOC performance, incident trends, and metrics to executive leadership (CISO, CIO, Risk teams).
• Develop SOC policies, standard operating procedures (SOPs), and compliance documentation.
• Drive maturity improvements based on frameworks such as NIST CSF, MITRE ATT&CK, and ISO 27001.
• Evaluate new technologies and best practices to enhance SOC capabilities and scalability. 

Requirements:

• From 3 to up to 10 years of experience in cybersecurity operations with hand-on experience in SIEM/SOAR, EDR and TI platforms.
• Good to have certifications like CISSP, CISA, CEH, ISO27001 (Implementation). 

Good to have technical skills:

• Understanding of network security, endpoint protection, cloud security, and threat detection technologies.
• Expertise in SIEM platforms (e.g., Splunk, Azure Sentinel, CrowdStrike, ELK, LogRhythm) and SOAR tools (e.g., Cortex XSOAR, Splunk Phantom).
• Familiarity with EDR/XDR tools (CrowdStrike, Defender, Sentinel One) and threat intelligence integration.
• Knowledge of adversary tactics and frameworks such as MITRE ATT&CK, Cyber Kill Chain, and Diamond Model.
• Understanding of cloud and hybrid environments (AWS, Azure, GCP) from a detection and response perspective. 

Preferred Certifications:

• Certified SOC Analyst (CSA)
• GIAC Certified Incident Handler (GCIH)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• GIAC Security Operations Manager (GSOM) or GIAC Cyber Threat Intelligence (GCTI)
• CompTIA CySA+ / CASP+

Capgemini is an AI-powered global business and technology transformation partner, delivering tangible business value. We imagine the future of organizations and make it real with AI, technology and people. With our strong heritage of nearly 60 years, we are a responsible and diverse group of 420,000 team members in more than 50 countries. We deliver end-to-end services and solutions with our deep industry expertise and strong partner ecosystem, leveraging our capabilities across strategy, technology, design, engineering and business operations. The Group reported 2024 global revenues of €22.1 billion.
Make it real |