Cyber Automation

Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you'd like, where you'll be supported and inspired by a collaborative community of colleagues around the world, and where you'll be able to reimagine what's possible. Join us and help the world's leading organizations unlock the value of technology and build a more sustainable, more inclusive world.

Job Description

Job Responsibilities

Security Monitoring & Incident Response

* Monitor alerts and security events generated from Microsoft Sentinel, Defender for Cloud, Defender for Endpoint, Defender for Identity, and other SOC tools.

* Perform initial triage, correlation, and investigation of security incidents to determine severity and impact.

* Escalate confirmed incidents and support containment, eradication, and recovery actions.

* Document incident response steps, root-cause analysis, and lessons learned.

* Maintain 24×7 situational awareness coverage through rotating on-call or shift responsibilities as required.

Threat Detection & Analysis

* Conduct proactive threat hunting using Sentinel analytics, KQL queries, and custom detection rules.

* Analyze logs and telemetry from endpoints, firewalls, Azure resources, and AVD hosts for anomalous activity.

* Identify potential indicators of compromise (IOCs) and emerging threats within the Azure Government and M365 GCC-High ecosystems.

* Recommend tuning improvements to detections and correlation rules to reduce false positives.

Vulnerability & Patch Management

* Support regular vulnerability scans, review results, and track remediation activities.

* Collaborate with infrastructure and Intune teams to validate patch compliance across AVD and Windows 365 assets.

* Monitor Defender Vulnerability Management dashboards and report high-risk exposures to leadership.

* Assist in maintaining asset inventories, vulnerability baselines, and patch metrics.

Compliance, Audit, & CMMC Level 2 Support

* Support ongoing CMMC Level 2 and NIST SP 800-171 compliance efforts through control monitoring, evidence collection, and reporting.

* Maintain and update security-related documentation, including incident response plans, SIEM configurations, and POA&M items.

* Provide input to the System Security Plan (SSP) on monitoring and incident response controls.

* Participate in internal audits, tabletop exercises, and compliance reviews to ensure readiness.

Tool Administration & Optimization

* Administer SOC and security tools such as Microsoft Sentinel, Defender for Cloud, and Defender for Endpoint.

* Develop custom Sentinel workbooks, dashboards, and KQL queries for enhanced visibility.

* Integrate alerts with Service Now for incident and change management workflows.

* Support automation initiatives using Logic Apps, Playbooks, or Power Shell to streamline incident response.

Reporting & Continuous Improvement

* Produce daily and weekly SOC summaries, incident metrics, and trend analyses.

* Deliver executive-level reports summarizing threat activity, vulnerabilities, and remediation progress.

* Recommend improvements to SOC processes, escalation procedures, and documentation standards.

* Stay current on evolving threats, tools, and Microsoft security technologies applicable to Azure Government environments.

Job Description - Grade Specific

Required Qualifications

Education:

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.

Experience:

* 3+ years of experience in cybersecurity or SOC operations.

* 1+ years working with Microsoft Sentinel, Defender for Cloud, and Defender for Endpoint.

* Experience in Azure Government and Microsoft 365 GCC-High environments.

* Practical experience in log analysis, incident response, and SIEM management.

* Familiarity with compliance frameworks including CMMC Level 2, NIST SP 800-171, and FedRAMP High.

Technical

Skills:

* Proficiency with KQL (Kusto Query Language) and Sentinel analytics.

* Strong understanding of network security, endpoint protection, and cloud security monitoring.

* Experience integrating alerts and workflows into Service Now or similar ITSM tools.

* Knowledge of Active Directory, Entra  (Azure AD), and conditional access policies.

Soft Skills:

Excellent analytical, investigative, and communication skills; strong documentation discipline and attention to detail;

U.S. Citizenship required (for access to GCC-High and Azure Government environments).

Desired Qualifications

* Microsoft Certified:
Cybersecurity Architect Expert or Azure Administrator Associate.

* Security+ (CompTIA), Microsoft Certified:
Security Operations Analyst Associate, or equivalent.

* GIAC (GCIH, GCIA) or CISSP certification.

* Experience working with Defender for Identity, Purview, and Conditional Access policy design.

* Background in automation (Logic Apps, Power Automate, or Power Shell).

* Prior SOC experience supporting Federal or Defense Industrial Base (DIB) clients.

* Familiarity with incident ticket workflows, evidence collection, and reporting for CMMC Level 2…