Job Description
Who are we?
Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. Guided daily by our purpose of unleashing human energy through technology for an inclusive and sustainable future, we are a responsible and diverse organization of 340,000 team members in nearly 50 countries. With over 50 years of heritage and expertise, we are a trusted partner to address the full breadth of our clients' needs, from strategy and design to operations, leveraging the innovative world of cloud, cybersecurity, infrastructure data, AI, connectivity, software, and platforms.
The mission of the Cyber Security Services for Union Institutions, Agencies, Bodies and Offices (CERT-EU) is to strengthen the IT security posture of the Union Institutions, Agencies, Bodies and Offices (aka Union entities) by providing various cybersecurity services (i.e., Security Monitoring, Incident Response, Vulnerability Scanning, Threat Intelligence, etc.). Within the Incident Response team (aka DFIR team), the main objective is to investigate and respond to cyber security incidents. This team also works on additional activities such as Detection Engineering, Threat Hunting and Automation.
This project supports the work of the Detection Engineers, helping them efficiently deploy detection rules in heterogeneous environments. Their work mostly relies on Python development and knowledge of SIEM technologies such as Splunk, Microsoft XDR and Sentinel.
The external service provider will perform the following tasks:
Develop a fully functional implementation of the correlation feature in the pySigma backend "Kusto" library, contributed to CERT-EU's GitHub repository through a pull request.
The implementation must support all four Sigma correlation types, ensuring accurate conversion of Sigma rules with correlation features into equivalent KQL queries for Microsoft Sentinel and XDR.
Develop a comprehensive set of new test cases to validate the correctness and effectiveness of the correlation feature, including:
Unit tests to verify individual components of the correlation feature.
Example Sigma rules demonstrating the usage of each correlation type, along with their expected KQL outputs.
Documentation updates, if necessary, to reflect the changes and additions made to the pySigma backend library, including any new configuration options or usage guidelines related to the correlation feature.
Qualifications:
As stated in section 5.1 of FREIA Specifications for the technical profiles for operational services (Lot1, Lot 2), the minimum educational qualification is a Level of education corresponding to Level 5 of the European Qualification Framework, which typically corresponds to 2 years of post-secondary Ref. Ares - 31/10/2025
Why Join Capgemini?
Diversity Culture: we believe diversity drives innovation and inclusion builds success. We are committed to providing equal opportunities regardless of ethnicity, gender, age, disability, sexual orientation, or any other dimension of diversity.
Flex abroad program: work 45 per year in another country.
Holidays: 24 working days + 2 days off work per year for personal matters + 24 and 31 of December.
Additional Benefits
Would you like to join our team?
Ready to Apply?
Don't miss this opportunity! Apply now and join our team.
Job Details
Publication Date: November 20, 2025
Job Type:
Location: Spain
Company: Capgemini