
Senior Security Operations Engineer
Join Ledger's Security Operations (SecOps) team, responsible for protecting Ledger's corporate, cloud, SaaS, and data center environments. As a Senior Security Operations Engineer, you sit at the heart of the SOC: you lead investigations end-to-end, manage the lifecycle of detections, dashboards, and automations, and continuously expand visibility across cloud, endpoints, identities, SaaS, and infrastructure. You also serve as a technical escalation point for junior analysts and contribute to Ledger's in-house Agentic SOC.
Responsibilities
- ▹Analyse, classify, and prioritise alerts from Splunk, CrowdStrike, Wiz, AWS, and other sources, and conduct in-depth investigations across endpoints, cloud, identities, SaaS, and infrastructure
- ▹Build and tune cloud detection use cases (AWS, IAM activity, EKS/Kubernetes, container workloads) and use Wiz to track and prioritise cloud exposure
- ▹Integrate and maintain log sources and improve data quality: completeness, parsing, normalisation, relevance, and usability
- ▹Design, write, and optimise Splunk queries and develop new detection use cases, reducing noise and improving signal quality
- ▹Lead incident response: gather evidence, reconstruct timelines, document actions, and monitor containment and remediation
- ▹Build and maintain automations (Torq/SOAR, scripts, APIs) and contribute to the design and continuous improvement of the internal Agentic SOC
- ▹Serve as an escalation point and technical resource for more junior analysts, reviewing their work and sharing knowledge
Requirements
- ▹Solid, proven experience in SecOps, SOC, cloud security, incident response, or infrastructure security, with a track record of building and improving SOC capabilities and conducting independent investigations
- ▹Strong, hands-on cloud security skills, ideally with AWS: investigating IAM and identity activity, analysing cloud audit logs (CloudTrail, GuardDuty), and securing workloads, containers, and Kubernetes (EKS)
- ▹Comfortable with exposure/CSPM tooling, ideally Wiz
- ▹SIEM experience, ideally Splunk, with the ability to write queries for investigation and detection; EDR, ideally CrowdStrike
- ▹Automation using Python, Bash, APIs, GitHub Actions, SOAR, or equivalent
- ▹Professional-level English
Nice to have
- ▹Interest in or experience with AI applied to security, agent-based workflows, and SOC automation
Soft skills
What we offer
- ▹Hybrid policy allowing employees to work from home up to 3 times per week
- ▹Health and Life Insurance
- ▹Opportunity to become a shareholder in Ledger, plus further financial benefits depending on your country of work
- ▹Commuter allowance towards your preferred means of transportation
- ▹A comprehensive suite of training solutions providing a personalised learning experience
About the company
Ledger is a global platform for digital assets and Web3, securing over 20% of the world's crypto assets. Headquartered in Paris with offices worldwide, its roughly 600 professionals build products and services - including the Ledger hardware wallet line, with more than 7.5 million units sold in 200 countries - that let individuals and companies securely buy, store, swap, grow, and manage crypto assets.