
Security Operations Analyst

Job in McLean, Fairfax County, Virginia, USA
Listing for: Capgemini Government Solutions
Full Time position
Listed on 2026-02-28
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly
Job Description & How to Apply Below

Overview

Capgemini Government Solutions (CGS) LLC is seeking a Security Operations Analyst to support government clients. The successful applicant will monitor, detect, analyze, and respond to security events across the organization's Microsoft GCC-High and Azure Government environments, supporting protection of systems and data governed by CMMC Level 2, NIST SP 800-171, and FedRAMP High requirements.

Responsibilities
  • Monitor alerts and security events generated from Microsoft Sentinel, Defender for Cloud, Defender for Endpoint, Defender for Identity, and other SOC tools.
  • Perform initial triage, correlation, and investigation of security incidents to determine severity and impact.
  • Escalate confirmed incidents and support containment, eradication, and recovery actions.
  • Document incident response steps, root-cause analysis, and lessons learned.
  • Maintain 24/7 situational awareness coverage through rotating on-call or shift work.
Threat Detection & Analysis
  • Conduct proactive threat hunting using Sentinel analytics, KQL queries, and custom detection rules.
  • Analyze logs and telemetry from endpoints, firewalls, Azure resources, and AVD hosts for anomalous activity.
  • Identify potential indicators of compromise (IOCs) and emerging threats within the Azure Government and M365 GCC-High ecosystems.
  • Recommend tuning improvements to detections and correlation rules to reduce false positives.
Vulnerability & Patch Management
  • Support regular vulnerability scans, review results, and track remediation activities.
  • Collaborate with infrastructure and Intune teams to validate patch compliance across AVD and Windows 365 assets.
  • Monitor Defender Vulnerability Management dashboards and report high-risk exposures to leadership.
  • Assist in maintaining asset inventories, vulnerability baselines, and patch metrics.
Compliance, Audit, & CMMC Level 2 Support
  • Support ongoing CMMC Level 2 and NIST SP 800-171 compliance efforts through control monitoring, evidence collection, and reporting.
  • Maintain and update security-related documentation, including incident response plans, SIEM configurations, and POAM items.
  • Provide input to the System Security Plan (SSP) on monitoring and incident response controls.
  • Participate in internal audits, tabletop exercises, and compliance reviews to ensure readiness.
Tool Administration & Optimization
  • Administer SOC and security tools such as Microsoft Sentinel, Defender for Cloud, and Defender for Endpoint.
  • Develop custom Sentinel workbooks, dashboards, and KQL queries for enhanced visibility.
  • Integrate alerts with ServiceNow for incident and change management workflows.
  • Support automation initiatives using Logic Apps, Playbooks, or PowerShell to streamline incident response.
Reporting & Continuous Improvement
  • Produce daily and weekly SOC summaries, incident metrics, and trend analyses.
  • Deliver executive-level reports summarizing threat activity, vulnerabilities, and remediation progress.
  • Recommend improvements to SOC processes, escalation procedures, and documentation standards.
  • Stay current on evolving threats, tools, and Microsoft security technologies applicable to Azure Government environments.
Required Qualifications
  • US Citizenship is required.
  • Eligible to obtain and maintain a Government Security Clearance.
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • 3+ years of experience in cybersecurity or SOC operations.
  • 1+ years working with Microsoft Sentinel, Defender for Cloud, and Defender for Endpoint.
  • Experience in Azure Government and Microsoft 365 GCC-High environments.
  • Practical experience in log analysis, incident response, and SIEM management.
  • Familiarity with compliance frameworks including CMMC Level 2, NIST SP 800-171, and FedRAMP High.
Technical Skills
  • Proficiency with KQL (Kusto Query Language) and Sentinel analytics.
  • Strong understanding of network security, endpoint protection, and cloud security monitoring.
  • Experience integrating alerts and workflows into ServiceNow or similar ITSM tools.
  • Knowledge of Active Directory, Entra ID (Azure AD), and conditional access policies.
  • Customer service including the resolution of customer escalations, incident handling, and response.
Soft Skills

Excellent analytical, investigative, and communication skills; strong documentation discipline and attention to detail.

Nice to have skills/qualifications
  • Microsoft Certified: Cybersecurity Architect Expert or Azure Administrator Associate.
  • Security+ (CompTIA), Microsoft Certified: Security Operations Analyst Associate, or equivalent.
  • GIAC (GCIH, GCIA) or CISSP certification.
  • Experience working with Defender for Identity, Purview, and Conditional Access policy design.
  • Background in automation (Logic Apps, Power Automate, or PowerShell).
  • Prior SOC experience supporting Federal or Defense Industrial Base (DIB) clients.
  • Familiarity with incident ticket workflows, evidence collection, and reporting for CMMC Level 2 audits.
About Capgemini

Capgemini is a global business and technology transformation partner, helping…
