Security Operations Engineer
PARIS, 75
1 day ago
What You’ll Be Doing
As a Security Operations Engineer, you’re a talented, self‑reliant engineer on the front lines of the SOC. You investigate alerts and incidents, contribute to detection and automation, and help expand our visibility across cloud, endpoints, identities, SaaS, workloads and infrastructure.
Operate the SOC
- Analyze, prioritize, and investigate alerts from Splunk, CrowdStrike, Wiz, AWS, and other sources, conducting investigations into incidents affecting endpoints, cloud, identities, SaaS, workloads, and infrastructure.
- Provide clear actionable context, determine next steps, and bring in senior engineers for the most complex cases.
- Leverage the Agentic SOC to investigate weak signals and enrich alerts so you can focus on the cases that matter.
Visibility & Detection
- Help integrate and maintain the log sources on which the SOC relies (cloud, endpoints, identities, SaaS, infrastructure, Kubernetes) and improve data quality.
- Write and optimize Splunk queries for investigations, contribute to the team’s detection rules and catalog, and help reduce noise and improve signal quality.
Incident Response
- Play an active role in investigations: collecting evidence, reconstructing timelines, and documenting actions taken.
- Help oversee containment, remediation, and post‑incident measures by rigorously applying our processes and turning lessons learned into detections, runbooks, or automations.
Contribute to Automation and our Agentic SOC
- Build and maintain automations (Torq/SOAR, GitHub Actions, scripts) that accelerate triage, enrichment, and response.
- Contribute to the continuous improvement of our internal Agentic SOC—new investigation workflows, better correlation, and tighter integration with detection and response—and document playbooks and procedures.
What We’re Looking For
- 1 to 3 years of experience in security operations, SOC, IT, infrastructure, or a related technical role (a strong cybersecurity internship or entry‑level SOC position counts).
- An interest in Web3 and blockchain security is a plus.
- A solid grasp of SecOps fundamentals: triage, investigation, incident response, log analysis, and documentation.
- Practical experience with a SIEM (ideally Splunk), including writing and refining queries and detection logic, and with an EDR (ideally CrowdStrike).
- A good understanding of the cloud (ideally AWS): IAM, audit logs, workloads, containers, and Kubernetes.
- The ability to automate using Python, Bash, APIs, GitHub Actions, a SOAR platform, or equivalent.
- An interest in AI applied to security, agent‑based workflows, and SOC automation.
- Independence, proactivity, thoroughness and attention to detail: you take on responsibilities, follow our processes carefully, and know when to seek support from senior colleagues.
- Ability to conduct in‑depth investigations, document findings clearly, and elevate issues with appropriate context and confidentiality.
- Professional‑level English; Ledger operates in an international environment.
Company
Ledger
Publishing platform
WHATJOBS