← Back to list
Job · Principal

Staff SecOps Engineer

Backend Developer • Principal • Remote • Full-time • 📍 Paris

Ledger is hiring a Staff Security Operations Engineer to join its SecOps team, which protects Ledger's corporate, cloud, SaaS and data center environments. As the team's top technical expert and go-to authority on incident management, you will lead the response to the most critical and complex incidents (CSIRT), spearhead proactive threat hunting, and define the detection and response strategy. This is an expert individual contributor role where your impact stems from your expertise, judgement under pressure and influence. You will also build and evolve the detection pipeline, SIEM, automation and Ledger's in-house Agentic SOC.

Responsibilities

  • Serve as primary contact and coordinator for the most complex incidents across cloud, corporate systems, endpoints, identities and the data center
  • Conduct end-to-end investigations: root cause analysis, forensics, timeline reconstruction and remediation recommendations
  • Ensure a rigorous, consistent approach to handling, escalating and documenting incidents
  • Define the team's detection strategy, architecture and methodology
  • Lead proactive threat hunting using CTI and OSINT to neutralize risks before they impact Ledger
  • Design and optimize the SIEM (Splunk) architecture and SOAR (Torq) workflows
  • Bring the Splunk environment up to standard: data quality and standardization (CIM), data models, search performance, detection governance
  • Build, evolve and own the architecture of the internal Agentic SOC and log/data pipeline, and automate SecOps reporting
  • Apply cloud security expertise (AWS, EKS/Kubernetes) and Wiz (CSPM/CNAPP) to harden the cloud and prioritize exposure
  • Establish standards, playbooks and runbooks; mentor senior and junior engineers
  • Work with Engineering, Infrastructure, IT and Cloud teams to align operational security with organizational objectives

Requirements

  • 9+ years of experience in security operations, incident response and CSIRT
  • Strong track record as a technical expert in incident management, threat hunting and detection engineering
  • In-depth expertise in SIEM (ideally Splunk) and SOAR platforms, as well as CTI/OSINT methodologies
  • Solid knowledge of AWS security (IAM, audit logs, network configurations, workloads, containers, Kubernetes) and cloud security tools (ideally Wiz, CSPM/CNAPP)
  • Experience with an EDR (ideally CrowdStrike)
  • Strong incident response and forensics skills for complex end-to-end investigations
  • Ability to automate tasks and reporting using Python, Bash, APIs, GitHub Actions, a SOAR platform or equivalent
  • Solid understanding of infrastructure (cloud, networking, containers, CI/CD) and the ability to build and scale log/data pipelines, integrations and internal services
  • Comfortable working as both an individual contributor and team player in a fast-paced cloud and SaaS environment

Nice to have

  • A strong interest or experience in AI applied to security operations, agent-based workflows and SOC automation

Soft skills

Sound judgement under pressureTechnical leadership and influenceMentoring and knowledge sharingCross-team collaborationBuilder mindset

About the company

Ledger is a global platform for digital assets and Web3, with over 20% of the world's crypto assets secured through its devices. Headquartered in Paris with offices in Vierzon, Grenoble, Montpellier, London, Portland, Geneva, Zurich and Singapore, Ledger has around 600 professionals and has sold more than 7.5 million hardware wallets in 200 countries. Its mission is to make self-custody accessible and give people the keys to their own financial futures.