Capgemini · 19 hours ago

Security Operations Analyst

Capgemini Government Solutions (CGS) LLC is seeking a highly motivated Security Operations Analyst to support government clients. The successful applicant will be responsible for monitoring, detecting, analyzing, and responding to security events across the organization’s Microsoft GCC-High and Azure Government environments.

Industries: Consulting, Information Technology, InsurTech, IT Management, Software
Notes: No H1B sponsorship; Security Clearance Required; U.S. Citizen Only

Responsibilities

Monitor alerts and security events generated from Microsoft Sentinel, Defender for Cloud, Defender for Endpoint, Defender for Identity, and other SOC tools
Perform initial triage, correlation, and investigation of security incidents to determine severity and impact
Escalate confirmed incidents and support containment, eradication, and recovery actions
Document incident response steps, root-cause analysis, and lessons learned
Maintain 24×7 situational awareness coverage through a rotating on-call or shift schedule
Conduct proactive threat hunting using Sentinel analytics, KQL queries, and custom detection rules
Analyze logs and telemetry from endpoints, firewalls, Azure resources, and AVD hosts for anomalous activity
Identify potential indicators of compromise (IOCs) and emerging threats within the Azure Government and M365 GCC-High ecosystems
Recommend tuning improvements to detections and correlation rules to reduce false positives
Support regular vulnerability scans, review results, and track remediation activities
Collaborate with infrastructure and Intune teams to validate patch compliance across AVD and Windows 365 assets
Monitor Defender Vulnerability Management dashboards and report high-risk exposures to leadership
Assist in maintaining asset inventories, vulnerability baselines, and patch metrics
Support ongoing CMMC Level 2 and NIST SP 800-171 compliance efforts through control monitoring, evidence collection, and reporting
Maintain and update security-related documentation, including incident response plans, SIEM configurations, and POA&M items
Provide input to the System Security Plan (SSP) on monitoring and incident response controls
Participate in internal audits, tabletop exercises, and compliance reviews to ensure readiness
Administer SOC and security tools such as Microsoft Sentinel, Defender for Cloud, and Defender for Endpoint
Develop custom Sentinel workbooks, dashboards, and KQL queries for enhanced visibility
Integrate alerts with ServiceNow for incident and change management workflows
Support automation initiatives using Logic Apps, Playbooks, or PowerShell to streamline incident response
Produce daily and weekly SOC summaries, incident metrics, and trend analyses
Deliver executive-level reports summarizing threat activity, vulnerabilities, and remediation progress
Recommend improvements to SOC processes, escalation procedures, and documentation standards
Stay current on evolving threats, tools, and Microsoft security technologies applicable to Azure Government environments

Qualification

Microsoft Sentinel, Defender for Cloud, Defender for Endpoint, KQL, Azure Government, NIST SP 800-171, CMMC Level 2, SIEM management, Incident response, Log analysis, Network security, Cloud security monitoring, Customer service, Documentation skills

Required

US Citizenship is required
Eligible to obtain and maintain a Government Security Clearance
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
3+ years of experience in cybersecurity or SOC operations
1+ years working with Microsoft Sentinel, Defender for Cloud, and Defender for Endpoint
Experience in Azure Government and Microsoft 365 GCC-High environments
Practical experience in log analysis, incident response, and SIEM management
Familiarity with compliance frameworks including CMMC Level 2, NIST SP 800-171, and FedRAMP High
Proficiency with KQL (Kusto Query Language) and Sentinel analytics
Strong understanding of network security, endpoint protection, and cloud security monitoring
Experience in integrating alerts and workflows into ServiceNow or similar ITSM tools
Knowledge of Active Directory, Entra ID (Azure AD), and conditional access policies
Customer service including the resolution of customer escalations, incident handling, and response
Excellent analytical, investigative, and communication skills; strong documentation discipline and attention to detail

Preferred

Microsoft Certified: Cybersecurity Architect Expert or Azure Administrator Associate
Security+ (CompTIA), Microsoft Certified: Security Operations Analyst Associate, or equivalent
GIAC (GCIH, GCIA) or CISSP certification
Experience working with Defender for Identity, Purview, and Conditional Access policy design
Background in automation (Logic Apps, Power Automate, or PowerShell)
Prior SOC experience supporting Federal or Defense Industrial Base (DIB) clients
Familiarity with incident ticket workflows, evidence collection, and reporting for CMMC Level 2 audits

Benefits

Paid time off
Medical/dental/vision insurance
401(k)

Company

Capgemini

Capgemini is a software company that provides consulting, technology, and digital transformation services.

Funding

Current Stage
Public Company
Total Funding
$4.72B
2025-09-18 · Post-IPO Debt · $4.72B
1999-04-01 · IPO

Leadership Team

Aiman Ezzat
CEO, Capgemini Group
Anirban Bose
CEO of Americas Strategic Business Unit
Company data provided by crunchbase