Staff SecOps Engineer

Posted 8 Days Ago
Be an Early Applicant
Paris, Île-de-France, FRA
Hybrid
Expert/Leader
Software • Web3
The Role
Lead response to complex incidents across cloud, endpoints, identities, and data centers. Define detection strategy and architecture, drive threat hunting, design and improve SIEM/SOAR and log pipelines, build and own the Agentic SOC and automation, mentor engineers, and align SecOps with engineering and cloud teams to harden environments and reduce exposure.
Summary Generated by Built In

We’re a team of experts pushing the limits of what’s possible, united by our common goal to unlock true freedom through digital ownership, making technology accessible for all. We believe in a world where users, creators and enterprises manage their value with ownership and freedom. Our curiosity drives us to innovate, empowering individuals on a global scale. We believe change is constant and our team moves forward as one, with a culture of problem-solving where every employee is empowered and supported to challenge tradition and create solutions. Our mission is simple: to make self-custody accessible and give people the keys to their own financial futures. If you want to make a true impact, we want you to join us at Ledger.

At Ledger, we’re proud to be the global platform for digital assets and Web3, with over 20% of the world’s crypto assets secured through our Ledger devices. With our headquarters in Paris, and offices in Vierzon, Grenoble, Montpellier, London, Portland, Geneva, Zurich and Central Singapore, we have a team of around 600 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 7.5 millions units already sold in 200 countries.

The team:

You’ll join the Security Operations team, responsible for protecting Ledger’s corporate, cloud, SaaS, and data center environments. Its mission: to anticipate, detect, investigate, and respond to cyber threats—including monitoring, alert triage, incident response, detection, visibility, automation, exposure tracking, and continuous process improvement. The scope is distinct from that of the Donjon (product security): SecOps covers the operational security of internal environments, the cloud, endpoints, workloads, identities, and infrastructure.

As a close-knit and experienced team—technically demanding and committed to knowledge sharing—we’re also continuously building the SOC itself: integrating new log sources, ensuring data quality, expanding detection coverage, and developing reliable dashboards and operational workflows.

Our technical stack includes:

  • Splunk for SIEM, investigations, and dashboards;

  • CrowdStrike for EDR and endpoint/workload security;

  • Wiz for cloud security and exposure management;

  • Torq for SOAR and automation;

  • AWS, including modern environments such as EKS/Kubernetes;

  • An in-house developed Agentic SOC for alert enrichment, correlation, investigation support, reporting, and automation.

AI is at the heart of how we work: investing in AI applied to security is a strategic priority for Ledger this year. We’ve built our own in-house Agentic SOC, which autonomously investigates weak signals—the large volume of unreliable alerts that a human team couldn’t sort through manually—and enriches them, so our engineers can focus on what matters most and resolve incidents faster: high-quality detection, noise reduction, and accelerated investigations.

What you’ll be doing:

As a Staff Security Operations Engineer, you're one of the most senior technical voices on the team: a hands-on generalist who can dig deep into any layer of our stack, step back to see the whole picture, and bring clear, calm judgment when the stakes are highest.

Anchor critical-incident response (CSIRT)

  • Bring senior technical leadership to our most complex incidents — cloud, corporate, endpoints, identities, data center — working with the team, not in isolation.

  • Lead complex investigations end to end, alongside the team: root cause analysis, forensics, timeline reconstruction, and remediation that prevents recurrence.

  • Be a trusted escalation point, and keep our handling, escalation, and documentation rigorous and consistent.

Set the direction on detection & threat hunting

  • Set the direction of our detection strategy, architecture, and methodology — with the team — and bring a clear point of view on where to invest next.

  • Contribute to proactive threat hunting — turning CTI and OSINT into risks caught before they reach Ledger.

  • Take on our thorniest detection problems and translate threat intel into concrete posture improvements.

Evolve the architecture & the Agentic SOC

  • Drive how our Splunk and Torq (SOAR) setup evolves so detection, triage, and response keep getting better — focused on detection quality, data standardization (CIM, data models), and usability, not day-to-day platform administration.

  • Contribute to the architecture of our Agentic SOC and log/data pipeline, and help automate the team's reporting. (No need to arrive as a software/data engineer — an engineering mindset and the drive to build matter more.)

  • Bring cloud-security judgment (AWS, EKS/Kubernetes) and use Wiz to prioritize exposure at scale.

Raise the bar across the team

  • Define the standards, playbooks, and runbooks the team relies on.

  • Grow senior and junior engineers through review, pairing, and everyday knowledge sharing — a force multiplier through influence and example, not formal management.

  • Partner with Engineering, Infrastructure, IT, and Cloud to align operational security with where Ledger is heading.

What we’re looking for:

  • ~9 years (or a track record that speaks for itself) in security operations, incident response, and CSIRT, with real depth in complex, end-to-end investigations.

  • The ability to lead technically under pressure and stay structured when things are ambiguous.

  • Hands-on SIEM experience (ideally Splunk): writing and refining queries for investigation and detection.

  • Solid cloud-security fundamentals (ideally AWS): IAM/identity, audit logs (CloudTrail, GuardDuty), and a working understanding of workloads, containers, and Kubernetes (EKS) — enough to scope and investigate a cloud or container incident, and go deeper as needed.

  • Comfort automating with Python, Bash, APIs, GitHub Actions, or a SOAR platform.

  • Clear communication of complex topics, strong documentation habits, and sound judgment with sensitive information.

Skills Required

  • 9+ years experience in security operations, incident response, and CSIRT
  • Technical expertise in incident management, threat hunting, and detection engineering
  • In-depth expertise in SIEM and SOAR platforms
  • Experience with Splunk
  • CTI and OSINT methodologies
  • Solid knowledge of AWS security (IAM, audit logs, network, workloads, containers, Kubernetes)
  • Experience with cloud security tools (CSPM/CNAPP)
  • Experience with Wiz
  • Experience with EDR platforms
  • Experience with CrowdStrike
  • Strong incident response and forensics skills for end-to-end investigations
  • Ability to automate tasks and reporting using Python, Bash, APIs, GitHub Actions, or a SOAR platform
  • Understanding of infrastructure (cloud, networking, containers, CI/CD) and ability to build/scale log/data pipelines and integrations
  • Interest or experience in AI applied to security operations, agent-based workflows, and SOC automation
  • Ability to mentor engineers and establish detection/playbook standards
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Paris
751 Employees
Year Founded: 2014

What We Do

Founded in Paris in 2014, LEDGER is a global platform for digital assets and Web3. Ledger is already the world leader in Critical Digital Asset security and utility. With more than 6M devices sold to consumers in 200 countries and 10+ languages, 100+ financial institutions and brands as customers, 20% of the world’s crypto assets are secured, plus services supporting trading, buying, spending, earning, and NFTs. LEDGER’s products include: Ledger Stax, Nano S Plus, Nano X hardware wallets, LEDGER Live companion app, [ LEDGER ] Market, the world’s first secure-minting and first-sale distribution platform, and Ledger Enterprise. With its ease of use, LEDGER allows a user to begin investing in digital assets and ultimately, achieve financial freedom in a safe and stress-free environment. Headquartered in Paris and Vierzon, with offices in London, New York and Singapore, Ledger has a team of more than 900 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto Headquartered in Paris and Vierzon, with offices in London, New York and Singapore, Ledger has a team of more than 900 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including more than 6 millions devices already sold in 180 countries. Ledger combines either Nano S Plus or Nano X and the Ledger Live app to offer consumers the easiest way to start their crypto journey while maintaining full control over their digital assets. With its ease of use, Ledger allows users to begin investing in digital assets and ultimately, achieve financial freedom in a safe and stress-free environment, with education provided by its Ledger Academy and Quest. In addition to consumer products, Ledger has also developed Ledger Enterprise, a digital asset custody and security solution for institutional investors and financial players.

Similar Jobs

Mondelēz International Logo Mondelēz International

Fp&a Manager

Big Data • Food • Hardware • Machine Learning • Retail • Automation • Manufacturing
Hybrid
Boulogne, Hauts-de-Seine, Île-de-France, FRA
90000 Employees

Mondelēz International Logo Mondelēz International

Chef de produit Senior Belin & Savory - CDI (H/F/X)

Big Data • Food • Hardware • Machine Learning • Retail • Automation • Manufacturing
Hybrid
Clamart, Hauts-de-Seine, Île-de-France, FRA
90000 Employees

Snap Inc. Logo Snap Inc.

Software Engineer

Artificial Intelligence • Cloud • Machine Learning • Mobile • Software • Virtual Reality • App development
Hybrid
Paris, Île-de-France, FRA
5000 Employees

Snap Inc. Logo Snap Inc.

Scientist

Artificial Intelligence • Cloud • Machine Learning • Mobile • Software • Virtual Reality • App development
Hybrid
Paris, Île-de-France, FRA
5000 Employees

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account