Logo of Huzzle

Home

Matches

Explore

Manage

SOC Analyst

image

Capgemini

Jul 20, 2024

Applications are closed

  • Job
    Full-time
    Mid & Senior Level
  • Software Engineering
  • Austin

Requirements

  • Security Event Detection, Triage, Analysis, and Response, Investigative Process, Remediation Techniques, Documenting Findings, Log Analysis, Host-based Analysis
  • Network Traffic Analysis, Email Analysis, OSINT, Cyber Kill Chain, MITRE
  • Experience with SIEM platforms, such as: Devo, Elastic, Splunk ES, QRadar, SumoLogic, Azure Sentinel, AlienVault, NetWitness, ArcSight
  • Experience with Endpoint Protection platforms, such as: SentinelOne, CrowdStrike Falcon, Tanium, Endgame, MDE/MS Defender, Symantec Endpoint Protection, Cybereason, McAfee ePO
  • Experience with SOAR platforms, such as:
  • Cortex XSOAR, Siemplify, Splunk Phantom, IBM Resilient, Swimlane
  • Experience with other security monitoring or data collection platforms, such as: MISP. Proofpoint, Gigamon ThreatINSIGHT/FortiNDR (or other IDS/IPS tools)
  • Sandbox platforms (Joe Sandbox, VMRay, Hatching, etc.)
  • Ticketing Systems (ServiceNow, Archer, Jira, etc.)
  • Working Hours: Non-traditional business hours (ex. Potentially night, with one weekend day) as needed or as part of a scheduled shift.
  • Education: Bachelor’s degree or higher preferred
  • Experience: 4+ Years in a 24x7 security operations environment, previous L1 Analyst type role
  • Certifications: Security industry specific certifications are a plus (SEC+, NET+, CEH, GCIH, GCFA, OSCP etc.)
  • The L2 analyst is responsible for working an assigned shift. This may be any shift timeslot assigned by SOC Leadership.
  • All shifts are based on a four 10-hour shift schedule (i.e., all shifts last 10 hours and take place on four consecutive days for a total of 40 hours per week). This schedule is assigned by SOC Leadership and may change at the discretion of management.

Responsibilities

  • Investigate alerts from any/all monitoring platforms as they occur.
  • This includes SIEMs, Endpoint tools, IDS, etc.
  • Function as an escalation point for investigations from “Level I” (L1) analysts requiring assistance/further investigation.
  • Working with analysts (as needed) to investigate and triage security incidents for which they may be unfamiliar and require assistance.
  • Assisting L1 analysts with investigations under increased examination by the customer – such as those that are returned by the customer or being presented.
  • Performing spot-checks (as needed) of L1 analysts’ investigations for accuracy.
  • Function as an SME for one or more technology areas supported by the SOC.
  • This may include internal technologies used for monitoring customers or customer-owned platforms.
  • The SME is responsible for keeping all relevant procedural documentation up to date in the Capgemini SOC Field Manual.
  • The SME is responsible for performing training on supported platforms (as needed).
  • The SME is responsible for interfacing with internal and customer teams (as needed) to support the technology for monitoring purposes. This may include being involved in projects objectives.
  • Internal Status, Meetings, Etc.
  • Weekly status reports are not currently required by L2 analysts but may be in the future.
  • Task tracking of objectives defined by SOC Leadership may be required.
  • Participation and/or ownership of internal analyst meetings may be required (as needed).
  • Client Responsibilities:
  • Function as a technical point of contact for one or more customers.
  • This includes establishing a relationship with counterparts at the customer to help execute the Statement of Work (SOW) and Standard Operating Procedure (SOP). These documents should be converted into procedures and kept up to date by the L2.
  • Take the lead on any investigations which require further examination by the customer.
  • If applicable function as a liaison between internal and customer’s teams to support monitoring.
  • This may include working with other internal MDR teams to improve monitoring capabilities or to support current operations

FAQs

What are the primary responsibilities of a SOC Analyst?

The primary responsibilities include investigating alerts from various monitoring platforms, functioning as an escalation point for Level I analysts, assisting in security incident triage, conducting spot-checks on L1 investigations, serving as a subject matter expert (SME) for specific technologies, and maintaining relevant procedural documentation.

What monitoring platforms will I be working with as a SOC Analyst?

You will work with various monitoring platforms, including SIEMs (e.g., Devo, Elastic, Splunk ES, QRadar), endpoint protection platforms (e.g., SentinelOne, CrowdStrike Falcon), and other security monitoring tools such as MISP and Proofpoint.

What is expected from the SOC Analyst in terms of client interaction?

The SOC Analyst is expected to function as a technical point of contact for one or more customers, establish relationships with customer counterparts, lead investigations requiring customer examination, and act as a liaison between internal and customer teams.

What qualifications are required for this SOC Analyst position?

Candidates should have experience in security event detection, incident analysis, and response, with skills in log analysis, network traffic analysis, and familiarity with various security frameworks. A bachelor's degree is preferred, along with at least 4 years of experience in a 24x7 security operations environment.

Are there specific certifications that are beneficial for this SOC Analyst role?

Yes, certifications such as Security+, Network+, CEH, GCIH, GCFA, and OSCP are considered advantageous for this position.

What are the working hours for this SOC Analyst position?

The position requires working non-traditional business hours, potentially including nights and one weekend day, as part of a scheduled shift.

What kind of experience is necessary for this role?

Candidates should have a minimum of 4 years of experience working in a security operations environment, preferably in a Level I analyst role prior to applying for the Level II position.

Will the SOC Analyst need to provide training or documentation?

Yes, the SOC Analyst, particularly those serving as SMEs, will be responsible for keeping procedural documentation up to date and may also need to provide training on supported platforms when necessary.

What is the shift schedule for a SOC Analyst?

The SOC Analyst will work on a four 10-hour shift schedule, totaling 40 hours per week, with the specific schedule assigned by SOC Leadership. Shift times may be subject to change at management's discretion.

Is there any task tracking expected from the SOC Analyst?

Yes, the SOC Analyst may be required to track objectives defined by SOC Leadership and participate in or own internal analyst meetings as needs arise.

What tools or platforms should a SOC Analyst be familiar with regarding incident response?

A SOC Analyst should be familiar with SOAR platforms such as Cortex XSOAR or Splunk Phantom, sandbox platforms like Joe Sandbox or VMRay, and ticketing systems including ServiceNow, Jira, or Archer for managing incidents.

image

Capgemini

Get the Future You Want

Technology
Industry
10,001+
Employees
1967
Founded Year

Mission & Purpose

Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided everyday by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of 360,000 team members in more than 50 countries. With its strong 55-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fueled by the fast evolving and innovative world of cloud, data, AI, connectivity, software, digital engineering and platforms. The Group reported in 2022 global revenues of €22 billion.