Security Operations Engineer
Responsibilities
Operate the SOC
- Analyze, prioritize, and investigate alerts (from Splunk, CrowdStrike, Wiz, AWS, and other sources), conducting your own investigations into incidents affecting endpoints, the cloud, identities, SaaS, workloads, and infrastructure.
- Provide clear and actionable context, determine next steps, and bring in senior engineers for the most complex cases.
- Leverage the Agentic SOC, which investigates weak signals and enriches alerts, so you can focus on the cases that matter.
Visibility & Detection
- Help integrate and maintain the log sources on which the SOC relies (cloud, endpoints, identities, SaaS, infrastructure, Kubernetes) and improve data quality.
- Write and optimize Splunk queries for your investigations, contribute to the team's detection rules and catalog, and help reduce noise and improve signal quality.
Incident Response
- Play an active role in investigations: collecting evidence, reconstructing timelines, and documenting actions taken.
- Help oversee containment, remediation, and post-incident measures by rigorously applying our processes and turning lessons learned into detections, runbooks, or automations.
Contribute to automation and our Agentic SOC
- Build and maintain automations (Torq/SOAR, GitHub Actions, scripts) that accelerate triage, enrichment, and response.
- Contribute to the continuous improvement of our internal Agentic SOC (new investigation workflows, better correlation, and tighter integration with detection and response) and document playbooks and procedures.
Requirements
- 1 to 3 years of experience in security operations, SOC, IT, infrastructure, or a related technical role (an outstanding cybersecurity internship or an entry-level SOC position counts). You are a talented engineer who learns quickly and is eager to take on responsibilities.
- An interest in Web3 and blockchain security is a plus (Ledger operates in the world of digital assets).
- A solid grasp of SecOps fundamentals: triage, investigation, incident response, log analysis, and documentation.
- Practical experience with a SIEM (ideally Splunk), including writing and re
Benefits
Additional Information
About Ledger
We're a team of experts pushing the limits of what's possible, united by our common goal to unlock true freedom through digital ownership, making technology accessible for all. We believe in a world where users, creators and enterprises manage their value with ownership and freedom. Our curiosity drives us to innovate, empowering individuals on a global scale. We believe change is constant and our team moves forward as one, with a culture of problem-solving where every employee is empowered and supported to challenge tradition and create solutions. Our mission is simple: to make self-custody accessible and give people the keys to their own financial futures. If you want to make a true impact, we want you to join us at Ledger.
At Ledger, we're proud to be the global platform for digital assets and Web3, with over 20% of the world's crypto assets secured through our Ledger devices. With our headquarters in Paris, and offices in Vierzon, Grenoble, Montpellier, London, Portland, Geneva, Zurich and Central Singapore, we have a team of around 600 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets, including the Ledger hardware wallet line with more than 7.5 million units already sold in 200 countries.
The team
You'll join the Security Operations team, responsible for protecting Ledger's corporate, cloud, SaaS, and data center environments. Its mission: to anticipate, detect, investigate, and respond to cyber threats, including monitoring, alert triage, incident response, detection, visibility, automation, exposure tracking, and continuous process improvement. The scope is distinct from that of the Donjon (product security): SecOps covers the operational security of internal environments, the cloud, endpoints, workloads, identities, and infrastructure.
As a close-knit and experienced team, technically demanding and committed to knowledge sharing, we're also continuously building the SOC itself: integrating new log sources, ensuring data quality, expanding detection coverage, and developing reliable dashboards and operational workflows.