Staff SOC/CSIRT Engineer (f/m)

Ledger • Other US Location

Company: Ledger

Location: Other US Location

Type: Full Time

Job Description

We're making the world of digital assets accessible and secure for everyone. Join the mission. 


Founded in 2014, Ledger is the global platform for digital assets and Web3. Over 15% of the world’s crypto assets are secured through our Ledger Nanos. Headquartered in Paris and Vierzon, with offices in the UK, US, Switzerland and Singapore, Ledger has a team of more than 600 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallet line, with more than 5 million units already sold in 180 countries.

At Ledger, we embody the values that make us unique: Pragmatism, Audacity, Commitment, Trust, and Transparency.


Ledger is seeking a Staff SOC/CSIRT Engineer with extensive expertise in Security Operations Center (SOC) Level 3 activities. As part of Ledger's Security Operations Center (SecOps), you will join a dedicated team responsible for protecting company assets against cyber threats across cloud, corporate, and datacenter environments. The SecOps team's core mission encompasses threat anticipation, detection, and prevention throughout Ledger's infrastructure, operating independently from the Donjon team which handles product security.


This role focuses on advanced security operations, including the optimization of Sekoia (SIEM), SOAR processes, and the use of CTI and OSINT to enhance detection and response capabilities. As a key technical expert, you will handle complex incidents, optimize security toolsets, and lead proactive threat-hunting initiatives. This position is an individual contributor role designed for those with deep technical skills and a passion for elevating operational security excellence through comprehensive monitoring and incident management.

The mission

  • SOC Level 3 Expertise: Act as the primary responder for SOC Level 3 activities, managing advanced threat detection, incident response, and post-incident analysis. Conduct proactive threat-hunting exercises leveraging CTI (Cyber Threat Intelligence) and OSINT (Open Source Intelligence) to identify and mitigate risks before they impact the organization.
  • SIEM & SOAR Optimization: Design, optimize, and maintain Sekoia (SIEM) and associated SOAR workflows to ensure efficient threat detection, triage, and response processes. Develop advanced detection rules and automation workflows tailored to Ledger's threat landscape.
  • Threat Intelligence Integration: Leverage CTI feeds and OSINT tools to enrich security operations, improving situational awareness and incident response effectiveness. Provide insights from threat intelligence to shape detection strategies and inform security posture improvements.
  • Cloud Security Operations: Apply deep knowledge of AWS security best practices to monitor and secure cloud environments. Utilize tools like Wiz for CSPM (Cloud Security Posture Management) and CNAPP to ensure proactive identification and mitigation of cloud vulnerabilities.
  • Incident Response & Forensics: Lead technical investigations for high-priority incidents, performing root cause analysis and recommending mitigations to prevent recurrence. Use advanced forensic tools and techniques to analyze and respond to complex attacks.
  • Collaboration & Documentation: Work closely with Engineering, Infrastructure, and Security Operations teams to align operational practices with organizational goals. Create detailed playbooks, detection rules, and technical runbooks to enhance team knowledge and response efficiency.

What we're looking for

  • 9+ years of experience in security operations, including SOC Level 3 activities and incident response.
  • Expertise with Sekoia (or similar SIEM tools), SOAR platforms, and CTI/OSINT methodologies.
  • Strong knowledge of AWS security, including IAM, VPC configurations, and cloud-native threat monitoring.
  • Hands-on experience with tools such as Wiz, SentinelOne (EDR), and GitHub Actions for automation.
  • Exceptional analytical and problem-solving skills, with the ability to handle complex security challenges.
  • Excellent communication skills for conveying technical concepts to cross-functional teams.

What's in it for you?

  • Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow.
  • Flexibility: A hybrid work policy.
  • Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks.
  • Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage.
  • Well-being: Personal development, coaching & fitness with our dedicated partners.
  • Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days.
  • High tech: Access to high performance office equipment and gadgets, including Apple products. 
  • Transport: Ledger reimburses part of your preferred means of transportation. 
  • Discounts: Employee discount on all our products.

We are an equal opportunity employer for all without any distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age.


Date Posted: 12/02/2024
