SOC Engineer

About the role

Job Description MISSION: Ensure EMG's digital assets, cloud platforms, applications, infrastructure, APIs, and data ecosystems are continuously monitored, protected, and defended against cyber threats. The SOC Engineer is responsible for: Building and tuning security detections Operating EMG's SIEM/SOAR platforms (Splunk, cloud-native tools) Handling cyber investigations and forensics activities Enhancing visibility across cloud, on-prem, and application layers Supporting threat hunting, response, and vulnerability remediation Ensuring alignment with EMG security policies, CISO directives, and regulatory obligations This role is essential for maintaining EMG's cybersecurity resilience in a hybrid and modernized technology landscape. MAIN RESPONSABILITIES: 1. Security Monitoring & Detection Engineering ● Develop and maintain detection rules, dashboards, alerts, correlation logic, and analytics within: Splunk (SIEM) SOAR (such as n8n) cloud-native SIEM/SOC tools endpoint detection tools (EDR/XDR) identity logs ● Build detections and emerging threat patterns. ● Configure, monitor and troubleshoot security infrastructure devices and services such as EDR, DLP or CASB ● Identify opportunities for, and promote automation and new technical solutions and security tools to help mitigate security vulnerabilities and improve efficiency 2. Incident Investigation & Threat Response ● Perform L3 investigation of security alerts, including: anomalous authentication events suspicious network activities endpoint compromises cloud misconfigurations API misuse or credential abuse ● Execute containment and remediation actions in collaboration with cybersecurity teams, IT Ops and Engineering teams ● Produce clear incident reports and contribute to RCA and continuous improvement. ● Establishing disaster recovery procedures and conducting breach of security drills. 3. Threat Hunting ● Conduct proactive threat hunts using: log patterns anomalous behavior detection threat intel feeds historical investigations cloud & API-specific threat vectors ● Identify gaps in security visibility and propose instrumentation improvements. 4. Security Logging & Observability Integration ● Ensure complete and reliable logging coverage across: Cybersecurity tools (EDR, DLP, etc.) APIs cloud workloads network traffic databases CI/CD systems (GitLab) ● Work with Observability teams to ensure correlated visibility (Dynatrace + Splunk). 5. Vulnerability & Attack Surface Support ● Support vulnerability management by correlating findings with real activity logs. ● Validate remediation and track exploitation attempts related to EMG systems. ● Assist IT Ops and Engineering teams to prioritize and mitigate vulnerabilities. 6. Cyber Security Controls Validation ● Validate enforcement of cybersecurity standards (E.g., Zero Trust, MFA, encryption, identity governance). ● Test security controls effectiveness through simulations or red-team collaboration. 7. Documentation, Playbooks & Knowledge Sharing ● Maintain SOC runbooks, response playbooks, detection documentation, and forensic procedures. ● Identify and communicate current and emerging security threats 8. Collaboration Across IT & Business ● Work closely with: CISO (governance, escalation, risk alignment) Cybersecurity Architecture Manager IAM teams Cloud & Production Services Network & Infrastructure Ops Domain Engineering Teams ● Ensure consistent communication and coordination during incidents and monitoring activities. IDEAL EXPERIENCE: 3-8 years in SOC, security operations, detection engineering, incident response, or cyber defense roles. Hands-on experience with Splunk SIEM, SOAR tools, EDR/XDR, and cloud logging. Understanding of cloud security (AWS/GCP), API security, microservices architecture. SKILLS & COMPETENCIES: Strong log analysis, correlation, and detection engineering ability. Understanding of attacker techniques, threat vectors, malware behavior, identity attacks. Ability to operate during high-pressure security incidents. Knowledge of IAM flows, network security, and container security. OTHER PERSONAL CHARACTERISTICS: Analytical, methodical, and rigorous. Calm under pressure; reliable during crises. Highly ethical and trustworthy. Curious and proactive in threat intelligence and detection improvement. Risk-oriented: ability to detect, assess risks, and propose realistic solutions Business-focused: ability to understand business priorities Europcar Mobility Group Europcar Mobility Group is a global mobility player, with 75 years of mobility services expertise and a leading position in Europe. "We help to change the way you move" is what we stand for and brings us together. We offer to individuals and businesses a wide range of car and van rental services, be it for a few hours, a few days, a week, a month or more, on-demand or on subscription, relying on a fleet of more than 250.000 vehicles, equipped with the latest engines including an increasing share of electric vehicl

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at europcar? Share your experience