Back to all jobs
L

Staff SecOps Engineer

Paris, France
full-timeTech

Job Description

We’re a team of experts pushing the limits of what’s possible, united by our common goal to unlock true freedom through digital ownership, making technology accessible for all. We believe in a world where users, creators and enterprises manage their value with ownership and freedom. Our curiosity drives us to innovate, empowering individuals on a global scale. We believe change is constant and our team moves forward as one, with a culture of problem-solving where every employee is empowered and supported to challenge tradition and create solutions. Our mission is simple: to make self-custody accessible and give people the keys to their own financial futures. If you want to make a true impact, we want you to join us at Ledger.

At Ledger, we’re proud to be the global platform for digital assets and Web3, with over 20% of the world’s crypto assets secured through our Ledger devices. With our headquarters in Paris, and offices in Vierzon, Grenoble, Montpellier, London, Portland, Geneva, Zurich and Central Singapore, we have a team of around 600 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 7.5 millions units already sold in 200 countries.

The team:

You’ll join the Security Operations team, responsible for protecting Ledger’s corporate, cloud, SaaS, and data center environments. Its mission: to anticipate, detect, investigate, and respond to cyber threats—including monitoring, alert triage, incident response, detection, visibility, automation, exposure tracking, and continuous process improvement. The scope is distinct from that of the Donjon (product security): SecOps covers the operational security of internal environments, the cloud, endpoints, workloads, identities, and infrastructure.

As a close-knit and experienced team—technically demanding and committed to knowledge sharing—we’re also continuously building the SOC itself: integrating new log sources, ensuring data quality, expanding detection coverage, and developing reliable dashboards and operational workflows.

Our technical stack includes:

  • Splunk for SIEM, investigations, and dashboards;

  • CrowdStrike for EDR and endpoint/workload security;

  • Wiz for cloud security and exposure management;

  • Torq for SOAR and automation;

  • AWS, including modern environments such as EKS/Kubernetes;

  • An in-house developed Agentic SOC for alert enrichment, correlation, investigation support, reporting, and automation.

AI is at the heart of how we work: investing in AI applied to security is a strategic priority for Ledger this year. We’ve built our own in-house Agentic SOC, which autonomously investigates weak signals—the large volume of unreliable alerts that a human team couldn’t sort through manually—and enriches them, so our engineers can focus on what matters most and resolve incidents faster: high-quality detection, noise reduction, and accelerated investigations.

What you’ll be doing:

As a Staff Security Operations Engineer, you're one of the most senior technical voices on the team: a hands-on generalist who can dig deep into any layer of our stack, step back to see the whole picture, and bring clear, calm judgment when the stakes are highest.

Anchor critical-incident response (CSIRT)

  • Bring senior technical leadership to our most complex incidents — cloud, corporate, endpoints, identities, data center — working with the team, not in isolation.

  • Lead complex investigations end to end, alongside the team: root cause analysis, forensics, timeline reconstruction, and remediation that prevents recurrence.

  • Be a trusted escalation point, and keep our handling, escalation, and documentation rigorous and consistent.

Set the direction on detection & threat hunting

  • Set the direction of our detection strategy, architecture, and methodology — with the team — and bring a clear point of view on where to invest next.

  • Contribute to proactive threat hunting — turning CTI and OSINT into risks caught before they reach Ledger.

  • Take on our thorniest detection problems and translate threat intel into concrete posture improvements.

Evolve the architecture & the Agentic SOC

  • Drive how our Splunk and Torq (SOAR) setup evolves so detection, triage, and response keep getting better — focused on detection quality, data standardization (CIM, data models), and usability, not day-to-day platform administration.

  • Contribute to the architecture of our Agentic SOC and log/data pipeline, and help automate the team's reporting. (No need to arrive as a software/data engineer — an engineering mindset and the drive to build matter more.)

  • Bring cloud-security judgment (AWS, EKS/Kubernetes) and use Wiz to prioritize exposure at scale.

Raise the bar across the team

  • Define the standards, playbooks, and runbooks the team relies on.

  • Grow senior and junior engineers through review, pairing, and everyday knowledge sharing — a force multiplier through influence and example, not formal management.

  • Partner with Engineering, Infrastructure, IT, and Cloud to align operational security with where Ledger is heading.

What we’re looking for:

  • ~9 years (or a track record that speaks for itself) in security operations, incident response, and CSIRT, with real depth in complex, end-to-end investigations.

  • The ability to lead technically under pressure and stay structured when things are ambiguous.

  • Hands-on SIEM experience (ideally Splunk): writing and refining queries for investigation and detection.

  • Solid cloud-security fundamentals (ideally AWS): IAM/identity, audit logs (CloudTrail, GuardDuty), and a working understanding of workloads, containers, and Kubernetes (EKS) — enough to scope and investigate a cloud or container incident, and go deeper as needed.

  • Comfort automating with Python, Bash, APIs, GitHub Actions, or a SOAR platform.

  • Clear communication of complex topics, strong documentation habits, and sound judgment with sensitive information.

About Ledger

First seen: July 3, 2026
Last updated: July 10, 2026