Job details

Staff SOC/CSIRT Engineer (f/m)

We're making the world of digital assets accessible and secure for everyone. Join the mission.

Founded in 2014, Ledger is the global platform for digital assets and Web3. Over 15% of the world’s crypto assets are secured through our Ledger Nanos. Headquartered in Paris and Vierzon, with offices in the UK, US, Switzerland and Singapore, Ledger has a team of more than 600 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 5 millions units already sold in 180 countries.

At Ledger, we embody the values that make us unique: Pragmatism, Audacity, Commitment, Trust, and Transparency. Have a look at our Origins video here.

Ledger is seeking a Staff SOC/CSIRT Engineer with extensive expertise in Security Operations Center (SOC) Level 3 activities. As part of Ledger's Security Operations Center (SecOps), you will join a dedicated team responsible for protecting company assets against cyber threats across cloud, corporate, and datacenter environments. The SecOps team's core mission encompasses threat anticipation, detection, and prevention throughout Ledger's infrastructure, operating independently from the Donjon team which handles product security.

This role focuses on advanced security operations, including the optimization of Sekoia (SIEM), SOAR processes, and the use of CTI and OSINT to enhance detection and response capabilities. As a key technical expert, you will handle complex incidents, optimize security toolsets, and lead proactive threat-hunting initiatives. This position is an individual contributor role designed for those with deep technical skills and a passion for elevating operational security excellence through comprehensive monitoring and incident management.

The mission

SOC Level 3 Expertise : Act as the primary responder for SOC Level 3 activities, managing advanced threat detection, incident response, and post-incident analysis. Conduct proactive threat-hunting exercises leveraging CTI (Cyber Threat Intelligence) and OSINT (Open Source Intelligence) to identify and mitigate risks before they impact the organization.
SIEM & SOAR Optimization : Design, optimize, and maintain Sekoia (SIEM) and associated SOAR workflows to ensure efficient threat detection, triage, and response processes. Develop advanced detection rules and automation workflows tailored to Ledger's threat landscape.
Threat Intelligence Integration : Leverage CTI feeds and OSINT tools to enrich security operations, improving situational awareness and incident response effectiveness. Provide insights from threat intelligence to shape detection strategies and inform security posture improvements.
Cloud Security Operations : Apply deep knowledge of AWS security best practices to monitor and secure cloud environments. Utilize tools like Wiz for CSPM (Cloud Security Posture Management) and CNAPP to ensure proactive identification and mitigation of cloud vulnerabilities.
Incident Response & Forensics : Lead technical investigations for high-priority incidents, performing root cause analysis and recommending mitigations to prevent recurrence. Use advanced forensic tools and techniques to analyze and respond to complex attacks.
Collaboration & Documentation : Work closely with Engineering, Infrastructure, and Security Operations teams to align operational practices with organizational goals. Create detailed playbooks, detection rules, and technical runbooks to enhance team knowledge and response efficiency.

What we're looking for

9+ years of experience in security operations, including SOC Level 3 activities and incident response.
Expertise with Sekoia (or similar SIEM tools), SOAR platforms, and CTI/OSINT methodologies.
Strong knowledge of AWS security, including IAM, VPC configurations, and cloud-native threat monitoring.
Hands-on experience with tools such as Wiz, SentinelOne (EDR), and GitHub Actions for automation.
Exceptional analytical and problem-solving skills, with the ability to handle complex security challenges.
Excellent communication skills for conveying technical concepts to cross-functional teams.

What's in it for you?

Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow. Flexibility: A hybrid work policy.
Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage. Well-being: Personal development, coaching & fitness with our dedicated partners.
Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days.
High tech: Access to high performance office equipment and gadgets, including Apple products.
Transport: Ledger reimburses part of your preferred means of transportation.
Discounts: Employee discount on all our products.

We are an equal opportunity employer for all without any distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age.

#LI-Hybrid #LI-RDH

Ledger Glassdoor Company Review

3.9

Ledger DE&I Review

4.2

CEO of Ledger

Pascal Gauthier

Approve of CEO

Average salary estimate

$100000 / YEARLY (est.)

min

max

$80000K

$120000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Staff SOC/CSIRT Engineer (f/m), Ledger

Join Ledger, the global platform for digital assets and Web3, as a Staff SOC/CSIRT Engineer in Paris! Our mission is to make the world of digital assets secure and accessible for everyone, and we're excited to welcome someone with your expertise to our dynamic Security Operations Center (SecOps) team. At Ledger, you’ll take the lead in advanced security operations, focusing on threat detection, incident response, and optimization of our SIEM tools like Sekoia. This role isn’t just about managing incidents; it’s about proactively hunting for threats using Cyber Threat Intelligence (CTI) and Open Source Intelligence (OSINT), ensuring robust security across our cloud, corporate, and datacenter environments. You’ll collaborate closely with engineering and infrastructure teams to create detailed playbooks and automate workflows, making security smarter and more efficient. If you have over 9 years of experience in security operations and a passion for tackling complex challenges head-on, Ledger is the place to not only showcase your skills but to grow and learn alongside some of the brightest minds in the industry. Plus, enjoy fantastic benefits like stock options, a hybrid work policy, generous vacation time, and even discounts on our innovative products. Let’s work together to secure the digital future!

Frequently Asked Questions (FAQs) for Staff SOC/CSIRT Engineer (f/m) Role at Ledger

What are the responsibilities of a Staff SOC/CSIRT Engineer at Ledger?

As a Staff SOC/CSIRT Engineer at Ledger, your primary responsibilities include managing advanced threat detection and incident responses, conducting proactive threat-hunting exercises, optimizing our SIEM tools like Sekoia, and leading technical investigations for high-priority incidents. You're also expected to collaborate with various teams to create documentation that enhances team knowledge and operational efficiency.