Group Cybersecurity creates and manages global security policies, tracks compliance from Business Units and Global Business Lines, provides strong communications, training and awareness campaigns to employees, designs global security architecture based on threats and market evolution, and manages Group Cybersecurity Projects and Operations.
In order to keep building the team, Group Cybersecurity is looking for a Security Analyst SOC L2.
Professionals help to protect an organization by employing a range of security tools and technologies and processes to prevent, detect and manage cyber threats.
You will be working within a team composed of 12 people located internationally as Group Cybersecurity Operations SOC. Your primary role would be to support all activities undertaken by the Threat Intelligence pillar.
You will work with the wider team to prioritize and schedule work within your pillar. You will work with various members of the team to develop and input into technical projects, report, and oversee progress to make sure goals are met.
You will be a member of the Security Operations Centre (SOC), a team that delivers specific Cybersecurity Services to the CAPGEMINI GROUP. The role is focused on delivering Intrusion Detection / Prevention services and assisting with investigations resulting from escalated problems and security alerts from client security information and event management (SIEM) systems. Additional activities include periodic and ad-hoc host vulnerability assessments and application security assessments. Security policy enforcement is also key, and is achieved through assurance activities such as auditing firewalls and conducting privileged account reviews.
You will be responsible for ensuring the integrity of client IT infrastructures and protecting the information systems residing upon them from external and internal attack / compromise.
L2 provides support to L1 services and analyses security events that have been triaged by L1 or where further assistance is needed. This involves responding to incidents and determining the appropriate next steps for the investigation and any remediation action.
Analysts operate as Subject Matter Experts and provide the relevant assistance to the L1 SIEM analysts. They also initiate security incidents, create tickets and, where appropriate, initiate the process leading to the declaration of a major incident.
L2 Analysts will perform slow time analysis of data to identify trends or other suspicious behavior that is not captured by use cases.
They are also responsible for the creation and maintenance of playbooks and other processes used by the team, along with some basic SIEM administration, including improvements such as use case creation and onboarding of devices already supported by the platform.
- Analytics and rule authoring
- Fine tuning of alerting
- Level 2 support for security incidents
- Validate, suggest or create knowledge base articles
- Reviews and updates SIEM security incidents and suspicious events, and analyses recommendations
- Work with L1 to decrease false positives
- Creates/maintains dashboards, correlation rules, thresholds etc.
- Report review
Profile / Competencies
- Knowledge and experience in IT Network Security
- IP Networking
- Experience in the use and management of Intrusion Detection systems, including responding to and tuning alerts
- Experience in conducting host vulnerability assessments
- Experience in the use of SIEM platforms, preferably IBM QRadar.
- Unix & Microsoft Administration
- Experience in conducting application vulnerability assessments
- Vulnerability Awareness / Understanding
- Experience using tools such as IBM Resilient, CrowdStrike Falcon, FireEye HX, VirusTotal Enterprise, Onyphe, ThreatQuotient, Shodan, etc.
Candidates should be flexible and willing to work across this delivery landscape, which includes, but is not limited to, Agile application development, support and deployment.
Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.
Capgemini is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.
This is a general description of the Duties, Responsibilities and Qualifications required for this position. Physical, mental, sensory or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Capgemini will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.
Click the following link for more information on your rights as an Applicant: http://www.capgemini.com/resources/equal-employment-opportunity-is-the-law
Capgemini is a global leader in consulting, digital transformation, technology and engineering services. The Group is at the forefront of innovation to address the entire breadth of clients' opportunities in the evolving world of cloud, digital and platforms. Building on its strong 50-year+ heritage and deep industry-specific expertise, Capgemini enables organizations to realize their business ambitions through an array of services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. Today, it is a multicultural company of 270,000 team members in almost 50 countries. With Altran, the Group reported 2019 combined revenues of €17 billion.
Visit us at www.capgemini.com. People matter, results count.