Security Operations Analyst

Overview

Capgemini Government Solutions (CGS) LLC is seeking a Security Operations Analyst to support government clients. The successful applicant will monitor, detect, analyze, and respond to security events across Microsoft GCC-High and Azure Government environments, supporting systems and data governed by CMMC Level 2, NIST SP 800-171, and FedRAMP High requirements.

The role combines hands-on monitoring and triage with proactive threat hunting, vulnerability tracking, and security policy enforcement. Experience with Microsoft Defender for Cloud, Defender for Endpoint, Sentinel, and other Microsoft security tools in regulated cloud environments is preferred.

As a Security Operations Analyst, you will be responsible for:

Security Monitoring & Incident Response

• Monitor alerts and security events from Microsoft Sentinel, Defender for Cloud, Defender for Endpoint, Defender for Identity, and other SOC tools.
• Perform initial triage, correlation, and investigation of security incidents to determine severity and impact.
• Escalate confirmed incidents and support containment, eradication, and recovery actions.
• Document incident response steps, root-cause analysis, and lessons learned.
• Maintain 24x7 situational awareness coverage through rotating on-call or shift responsibilities as required.
• Conduct proactive threat hunting using Sentinel analytics, KQL queries, and custom detection rules.
• Analyze logs and telemetry from endpoints, firewalls, Azure resources, and AVD hosts for anomalous activity.
• Identify potential indicators of compromise (IOCs) and emerging threats within the Azure Government and M365 GCC-High ecosystems.
• Recommend tuning improvements to detections and correlation rules to reduce false positives.

Vulnerability & Patch Management

• Support regular vulnerability scans, review results, and track remediation activities.
• Collaborate with infrastructure and Intune teams to validate patch compliance across AVD and Windows 365 assets.
• Monitor Defender Vulnerability Management dashboards and report high-risk exposures to leadership.
• Assist in maintaining asset inventories, vulnerability baselines, and patch metrics.
• Support ongoing CMMC Level 2 and NIST SP 800-171 compliance efforts through control monitoring, evidence collection, and reporting.
• Maintain and update security-related documentation, including incident response plans, SIEM configurations, and POA&M items.
• Provide input to the System Security Plan (SSP) on monitoring and incident response controls.
• Participate in internal audits, tabletop exercises, and compliance reviews to ensure readiness.

Tool Administration & Optimization

• Administer SOC and security tools such as Microsoft Sentinel, Defender for Cloud, and Defender for Endpoint.
• Develop custom Sentinel workbooks, dashboards, and KQL queries for enhanced visibility.
• Integrate alerts with Service Now for incident and change management workflows.
• Support automation initiatives using Logic Apps, Playbooks, or Power Shell to streamline incident response.
• Produce daily and weekly SOC summaries, incident metrics, and trend analyses.
• Deliver executive-level reports summarizing threat activity, vulnerabilities, and remediation progress.
• Recommend improvements to SOC processes, escalation procedures, and documentation standards.
• Stay current on evolving threats, tools, and Microsoft security technologies applicable to Azure Government environments.

Reporting & Continuous Improvement

• Produce daily and weekly SOC summaries, incident metrics, and trend analyses.
• Deliver executive-level reports summarizing threat activity, vulnerabilities, and remediation progress.
• Recommend improvements to SOC processes, escalation procedures, and documentation standards.
• Stay current on evolving threats, tools, and Microsoft security technologies applicable to Azure Government environments.

• US Citizenship is required.
• Eligible to obtain and maintain a Government Security Clearance.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
• 3+ years of experience in cybersecurity or SOC operations.
• 1+ years working with Microsoft Sentinel, Defender for Cloud,…