At a Glance
- Tasks: Monitor and respond to cyber threats in a dynamic SOC environment.
- Company: Join Capgemini, a leading tech transformation partner with a focus on innovation.
- Benefits: Enjoy flexible working, wellbeing support, and extensive training opportunities.
- Other info: Be part of an inclusive culture that values diversity and personal growth.
- Why this job: Make a real impact in cybersecurity while developing your skills in a supportive team.
- Qualifications: Strong knowledge of SIEM platforms and incident management; experience in fast-paced environments.
The predicted salary is between £40,000 and £50,000 per year.
Embedded within an existing customer SOC, Capgemini supplies cyber expertise and corporate experience, assisting the customer in regular SOC activities, proposing new processes, and bringing 'best practice' to the workplace. The position is office based.
We are seeking a high-calibre Cyber Security Operations Centre (CSOC) Analyst to monitor and respond to threats in a Critical National Infrastructure (CNI) environment supporting essential energy operations. You will be responsible for real-time security monitoring, triage, investigation, and early incident response, working with security monitoring and incident/event management platforms to identify suspicious activity, validate alerts, and escalate confirmed incidents. This is an operational role requiring strong technical judgement, clear written communication, and the ability to remain effective under time pressure. You will also contribute to continuous improvement by capturing lessons learned from incidents, helping tune detections, and strengthening procedures and documentation.
Hybrid working: The places that you work from day to day will vary according to your role, your needs, and those of the business; it will be a blend of Company offices, client sites, and your home; noting that you will be unable to work at home 100% of the time.
Your role:
- Monitoring & triage: Monitor security events and alerts using industry-standard SIEM / incident & event management platforms (e.g., Elastic, Microsoft Sentinel, Splunk). Perform rapid triage to determine alert validity, severity, scope, and potential business/operational impact. Correlate related events and identify patterns across multiple alerts to reduce duplication and improve incident clarity.
- Investigation & evidence-led analysis: Conduct investigations across endpoint, identity, network and log telemetry; build timelines and hypotheses grounded in evidence. Maintain high-quality investigation records, including the key evidence and the queries/search logic used to reach conclusions (to support peer review, auditability, and reliable handover). Apply foundational host-based forensic concepts (e.g., process ancestry, persistence artefacts, lateral movement indicators, log integrity considerations).
- Incident response & escalation: Handle security incidents from initial identification through to handover to incident management / incident response, ensuring escalations are timely, complete, and actionable. Support containment/mitigation activities where authorised (e.g., coordinating response actions with relevant teams and tooling).
- Continuous improvement & PIR learnings: Develop and fine-tune custom detection rules and alerts to identify malicious activity; validate their effectiveness and reduce false positives. Identify and implement lessons learned from incidents and post-incident reviews (PIRs) to improve processes, runbooks, and detection logic. Contribute to a culture of quality and standardisation by improving documentation and operational practices.
You can bring your whole self to work. At Capgemini building an inclusive future is part of everyday life and will be part of your working reality. We have built a representative and welcoming environment, for everyone.
Your Skills And Experience:
- Strong knowledge of Linux and Windows operating systems and core networking concepts. Strong technical communication skills, with excellent written communication (clear, structured incident notes and stakeholder updates). Demonstrable experience working effectively in time-pressured operational environments.
- Strong foundational knowledge of incident and event management / SIEM platforms (e.g., Elastic / Sentinel / Splunk) and knowledge of query languages used for investigations and detections (e.g., Kusto Query Language (KQL), ES|QL, Kibana Query Language).
- Strong knowledge of Endpoint Detection & Response (EDR) concepts and workflows and knowledge of IDS/IPS concepts and signature-based detection principles.
- Understanding of attacker Tactics, Techniques and Procedures (TTPs) and how they manifest in logs/telemetry, with evidence of keeping up to date with threat trends, attacker tradecraft, and emerging defensive techniques.
- Experience handling incidents through to handover to incident management / IR and strong knowledge of host-based forensic concepts and applying PIR learnings to improve outcomes.
Desirable:
- Deep understanding of one or more SIEM technologies; knowledge of Elastic is a bonus.
- GIAC / SANS certifications highly desired (or equivalent credible industry certifications aligned to SOC operations, incident handling, threat detection, or forensic fundamentals).
We are a Disability Confident Employer. Capgemini is proud to be a Disability Confident Employer (Level 2) under the UK Government’s Disability Confident Scheme. As part of our commitment to inclusive recruitment, we will offer an interview to all candidates who declare that they have a disability and meet the minimum essential criteria for the role. Please opt in during the application process.
Your security clearance and pre-employment checks: If you are successfully offered this position, you will go through a series of pre-employment checks, including: identity, nationality (single or dual) or immigration status, employment history going back 3 continuous years, and unspent criminal record check (known as Disclosure and Barring Service). Some roles will also require an additional level of security clearance: Security Check (SC) Clearance. To be successfully appointed to this role, it is a requirement to obtain Security Check (SC) clearance. To obtain SC clearance, the successful applicant must have resided continuously within the United Kingdom for the last 5 years, along with other criteria and requirements. Throughout the recruitment process, you will be asked questions about your security clearance eligibility such as, but not limited to, country of residence and nationality. Some posts are restricted to sole UK Nationals for security reasons; therefore, you may be asked about your citizenship in the application process.
Make it real – what does it mean for you?
Flexibility to work your way: You will be encouraged to have a positive work-life balance. Our hybrid-first way of working means we embed hybrid working in all that we do and make flexible working arrangements the day-to-day reality for our people. All UK employees are eligible to request flexible working arrangements.
Your wellbeing: You’d be joining an accredited Great Place to Work for Wellbeing in 2024. Employee wellbeing is vitally important to us as an organisation. We see a healthy and happy workforce as a critical component for us to achieve our organisational ambitions. To help support wellbeing we have trained ‘Mental Health Champions’ across each of our business areas, and we have invested in wellbeing apps such as Thrive and Peppy.
Shape your path: You will be empowered to explore, innovate, and progress. You will benefit from Capgemini’s ‘learning for life’ mindset, meaning you will have countless training and development opportunities from thinktanks to hackathons, and access to 250,000 courses with numerous external certifications from AWS, Microsoft, Harvard ManageMentor, Cybersecurity qualifications and much more.
Shared energy: You’ll be bringing your unique skills and perspectives to the team, inspiring and taking inspiration from your teammates as you unlock value in everything you do. You’ll be joining a professional community of experts, who have got your back and will support you, every step of the way.
Why should you consider Capgemini? Growing clients’ businesses while building a more sustainable, more inclusive future is a tough ask. When you join Capgemini, you’ll join a thriving company and become part of a collective of free-thinkers, entrepreneurs and industry experts. We find new ways technology can help us reimagine what’s possible. It’s why, together, we seek out opportunities that will transform the world’s leading businesses, and it’s how you’ll gain the experiences and connections you need to shape your future. By learning from each other every day, sharing knowledge, and always pushing yourself to do better, you’ll build the skills you want. You’ll use your skills to help our clients leverage technology to innovate and grow their business. So, it might not always be easy, but making the world a better place rarely is.
About Capgemini: Capgemini is an AI-powered global business and technology transformation partner, delivering tangible business value. We imagine the future of organisations and make it real with AI, technology and people. With our strong heritage of nearly 60 years, we are a responsible and diverse group of over 420,000 team members in more than 50 countries. We deliver end-to-end services and solutions with our deep industry expertise and strong partner ecosystem, leveraging our capabilities across strategy, technology, design, engineering and business operations.
Onsite SIEM Analyst (Specialised) in Woking employer: myGwork - LGBTQ+ Business Community
Capgemini is an exceptional employer, offering a dynamic work environment where innovation and collaboration thrive. With a strong commitment to employee wellbeing and professional development, you will have access to extensive training opportunities and a supportive community of experts. The hybrid working model promotes a healthy work-life balance, making it an ideal place for those looking to grow their careers while contributing to meaningful projects in the cyber security domain.
Contact Details:
myGwork - LGBTQ+ Business Community Recruitment Team
StudySmarter Expert Advice🤫
We think this is how you could land Onsite SIEM Analyst (Specialised) in Woking
✨Tip Number 1
Network like a pro! Get out there and connect with folks in the cyber security field. Attend meetups, webinars, or even local events. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Show off your skills! Create a portfolio or a GitHub repository showcasing your projects, especially those related to SIEM tools or incident response. This gives potential employers a tangible look at what you can do beyond just a CV.
✨Tip Number 3
Prepare for interviews by practising common questions specific to SOC roles. Think about scenarios where you've had to triage incidents or improve processes. We want to hear how you handle pressure and make decisions!
✨Tip Number 4
Apply through our website! It’s the best way to ensure your application gets seen. Plus, it shows you’re genuinely interested in joining our team at Capgemini. Don’t miss out on the chance to be part of something great!
We think you need these skills to ace Onsite SIEM Analyst (Specialised) in Woking
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter for the Onsite SIEM Analyst role. Highlight your experience with SIEM platforms and any relevant certifications. We want to see how your skills align with what we're looking for!
Show Off Your Communication Skills: Since clear written communication is key in this role, ensure your application reflects that. Use structured language and avoid jargon where possible. We love a well-organised application that’s easy to read!
Be Specific About Your Experience: When detailing your past roles, focus on specific incidents you've handled or processes you've improved. We’re interested in your real-world experience, especially in time-pressured environments. Make it count!
Apply Through Our Website: Don’t forget to submit your application through our website! It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it’s super easy to do!
How to prepare for a job interview at myGwork - LGBTQ+ Business Community
✨Know Your SIEM Tools
Familiarise yourself with the specific SIEM platforms mentioned in the job description, like Elastic, Microsoft Sentinel, and Splunk. Be ready to discuss your experience with these tools, including any custom rules you've created or how you've used them for incident response.
✨Demonstrate Technical Judgement
Prepare to showcase your technical judgement by discussing past incidents you've handled. Use the STAR method (Situation, Task, Action, Result) to structure your answers, focusing on how you triaged alerts and made decisions under pressure.
✨Communicate Clearly
Since clear written communication is key, practise articulating your thoughts on complex topics simply and effectively. Bring examples of your documentation from previous roles, such as incident notes or reports, to demonstrate your ability to maintain high-quality records.
✨Show Continuous Improvement Mindset
Be ready to talk about how you've contributed to process improvements in your previous roles. Discuss any lessons learned from incidents and how you've applied those insights to enhance detection logic or operational practices.