×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Security Manager

Onsite SIEM Analyst

Remote / Online - Candidates ideally in
Woking, Surrey County, GU22, England, UK
Listing for: Capgemini
Remote/Work from Home position
Listed on 2026-06-04
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 60000 - 80000 GBP Yearly GBP 60000.00 80000.00 YEAR
Job Description & How to Apply Below

About The Job You’re Considering

Embedded within an existing Customer SOC, Capgemini supply a level of cyber expertise and corporate experience, assisting the customer in regular SOC activities, as well as proposing new processes and bringing "best practice" to the workplace. The position is office based.

We are seeking a high‑calibre Cyber Security Operations Centre (CSOC) Analyst to monitor and respond to threats in a Critical National Infrastructure (CNI) environment supporting essential energy operations. You will be responsible for real‑time security monitoring, triage, investigation, and early incident response, working with security monitoring and incident/event management platforms to identify suspicious activity, validate alerts and escalater confirmed incidents. This is an operational role requiring strong technical judgement, clear written communication, and the ability to remain effective under time pressure.

You will also contribute to continuous improvement by capturing lessons learned from incidents, helping tune detections, and strengthening procedures and documentation.

Hybrid working: The places that you work from day to day will vary according to your role, your needs and those of the business; it will be a blend of company offices, client sites and home. Note you will be unable to work from home 100% of the time.

Your Role
  • Monitoring & triage – Monitor security events and alerts using industry‑standard SIEM / incident & event management platforms (e.g., Elastic, Microsoft Sentinel, Splunk). Perform rapid triage to determine alert validity, severity, scope and potential business/operational impact. Correlate related events and identify patterns across multiple alerts to reduce duplication and improve incident clarity.
  • Investigation & evidence‑led analysis – Conduct investigations across endpoint, identity, network and log telemetry; build timelines and hypotheses grounded in evidence. Maintain high‑quality investigation records, including the key evidence and the queries/search logic used to reach conclusions (to support peer review, auditability and reliable hand‑over). Apply host‑based forensic concepts (e.g., process ancestry, persistence artefacts, lateral movement indicators, log integrity considerations).
  • Incident response & escalation – Handle security incidents from initial identification through to handover to incident management / incident response, ensuring escalations are timely, complete and actionable. Support containment/mitigation activities where authorised (e.g., coordinating response actions with relevant teams and tooling).
  • Continuous improvement & PIR learnings – Custom rule creation: develop and fine‑tune detection rules and alerts to identify malicious activity; validate effectiveness and reduce false positives. Identify and implement lessons learned from incidents and post‑incident reviews (PIRs) to improve processes, runbooks and detection logic. Contribute to a culture of quality and standardisation by improving documentation and operational practices.
Your Skills And Experience
  • Strong knowledge of Linux and Windows operating systems and core networking concepts; excellent written communication for clear incident notes and stakeholder updates. Demonstrable experience working effectively in time‑pressured operational environments.
  • Strong foundational knowledge of incident and event management / SIEM platforms (e.g., Elastic, Sentinel, Splunk) and query languages used for investigations and detections (e.g., KQL, ES|QL, Kibana Query Language).
  • Strong knowledge of Endpoint Detection & Response (EDR) concepts and workflows and knowledge of IDS/IPS concepts and signature‑based detection principles.
  • Understanding of attacker Tactics, Techniques and Procedures (TTPs) and how they manifest in logs/telemetry; evidence of keeping up to date with threat trends, attacker tradecraft and emerging defensive techniques.
  • Experience handling incidents through to handover to incident management / IR and strong knowledge of host‑based forensic concepts and applying PIR learnings to improve outcomes.
Desirable
  • Deep understanding of one or more SIEM technologies; knowledge of…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search