SOC Engineer – Remote-First

Join to apply for the SOC Engineer – Remote-First role at EPI Company In today’s digital world, payments often still feel outdated: random delays and confusing rules make it harder than it should be to pay and get paid. The European Payments Initiative (EPI) is here to change all that, forever. With Wero, our digital wallet, we make sending and receiving money simple, seamless and secure across France, Belgium and Germany, with more countries and omnichannel solutions coming soon. Supported by 14 major banks and the two largest European acquirers, EPI is building a new, proudly European payment system: easy, instant and transparent, all for the greater good. Overview We are currently looking for a SOC Engineer – Threat Hunting & Incident Response with strong technical expertise and a strategic mindset to enhance our detection and response capabilities. You will be a key member of the team, working closely with another SOC expert to triage alerts, conduct incident response based on the SANS PICERL framework, perform hypothesis-driven threat hunting and threat intelligence activities, and continuously improve our detection and automation workflows. You’ll contribute across the full SOC lifecycle - from Tier 1 to Tier 3 - and help shape our SOC strategy. Responsibilities Act as a central point of contact for alert triage and incident identification Execute incident response activities using the SANS PICERL framework Conduct proactive, hypothesis-driven threat hunts based on attacker behavior and emerging threats Parse and analyze logs from diverse sources (authentication, application, system, cloud telemetry, etc.) Design and refine detection rules, use cases, and dashboards to identify anomalies, lateral movement, and persistent threats Create and maintain custom alerts and automation workflows for auto-remediation Correlate internal and external threat intelligence to support hunting and detection Map attacker techniques to MITRE ATT&CK and enrich findings with context Document and communicate threat findings to technical and non-technical stakeholders Collaborate with engineering, SOC, IR, and IT teams to improve detection coverage and response capabilities Contribute to the development and maintenance of SOC playbooks and runbooks Support continuous improvement of SIEM and EDR tooling and integrations Ensure visibility and detection coverage across cloud environments (e.g., AWS, Azure) Participate in compliance and audit activities related to incident response and detection Secondary: AWS, Jira, Confluence, GitHub, PagerDuty, Okta Qualifications To succeed, you should meet at least 70% of these requirements +5 years of experience in cybersecurity, with strong hands-on experience as a SOC analyst or incident responder Familiarity with the full SOC lifecycle (Tier 1 to Tier 3), including alert triage, incident response, threat hunting, and threat intelligence Proven experience in threat hunting, detection engineering, or threat intelligence Solid understanding of SIEM and EDR technologies, log parsing, and detection engineering Experience with scripting and querying (e.g., Python, PowerShell, KQL, etc.) to support automation and custom alerting Ability to analyze and correlate logs from diverse sources (authentication, application, system, cloud telemetry incl. AWS and Azure) Knowledge of attacker TTPs, MITRE ATT&CK, threat exposure, and attack path analysis Experience creating and maintaining playbooks and automation workflows for incident response Familiarity with Microsoft Entra ID and its integration into detection and response workflows Fluent in English (CEFR C1 or C2) is mandatory; proficiency in German, Dutch, French, or any additional European languages is a plus Strong communication skills and the ability to present technical findings clearly to both technical and non-technical stakeholders Participate in a 24/7 on-call rotation (approximately one week per month) to support incident response and operational continuity Experience with Rapid7 and TaHiTI are a bonus Recruitment steps A first call with one of our recruiters A technical interview with our Security Expert and Team Lead An interview with our CISO and Head of Operations and Service Delivery A final interview with our COO Hopefully, an offer you can’t refuse Equal employment opportunities Our commitment to equal employment opportunities EPI offers the same job opportunities to all, without distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age. EPI promotes the development of an inclusive work environment that mirrors the diversity of the clients our product is serving. Seniority level Not Applicable Employment type Other Job function Engineering and Information Technology Referrals increase your chances of interviewing at EPI Company by 2x Get notified about new Engineer jobs in Paris, Île-de-France, France. We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI. #J-18808-Ljbffr