Cybersecurity Engineer (SOC Analyst)

Requirements

• 3+ years of experience in a Security Operations Center (SOC), Incident Response, or Threat Hunting role, ideally within a cloud-native or fast‑paced tech environment
• Deep understanding of the threat landscape, the MITRE ATT&CK framework, and the methodologies required to protect high‑value infrastructure and intellectual property
• Strong experience writing complex queries (e.g., KQL, Splunk SPL, or similar) and leveraging SIEM platforms to build out correlation rules and detection logic
• Ability to write practical automation scripts in Python or Go to interact with security APIs, enrich alert context, and streamline response workflows
• Proven experience participating in or leading incident response efforts, demonstrating a calm, methodical approach to high‑pressure crisis management.

What the job involves

• Mistral AI is looking for a Security Operations Center (SOC) Analyst to monitor, defend and respond to threats across our rapidly evolving AI ecosystem
• You will treat security telemetry as the core of our active defense
• Your objective is to ensure the continuous security of our diverse environment, spanning IT, Engineering, Science, Compute and Infrastructure by building robust detection mechanisms and moving swiftly from alert to automated response
• Partner with engineering and platform teams to ensure the comprehensive centralization of security logs across all Mistral environments
• Design, test, and continuously tune high‑fidelity alert scenarios and correlation rules to detect anomalous behavior while minimizing alert fatigue
• Operationalize Cyber Threat Intelligence (CTI), monitoring the landscape for threats specific to AI and cloud infrastructure, and integrating actionable intel directly into our detection pipelines
• Conduct rigorous, deep‑diving investigations into security alerts, tracking root causes, identifying potential lateral movement, and determining impact
• Drive the lifecycle of security incidents from containment to remediation, and coordinate cross‑functional crisis management during high‑severity events