SOC Engineer – Remote-First

14 hours ago


Paris, Île-de-France Epi Company Full-time

 Be part of a movement to change the way Europe pays

In today's digital world, payments often still feel outdated: random delays and confusing rules make it harder than it should be to pay and get paid. The European Payments Initiative (EPI) is here to change all that, forever.

With Wero, our digital wallet, we make sending and receiving money simple, seamless and secure across France, Belgium and Germany, with more countries and omnichannel solutions coming soon. Supported by 14 major banks and the two largest European acquirers, EPI is building a new, proudly European payment system: easy, instant and transparent, all for the greater good.

What's in it for you

We are currently looking for a SOC Engineer – Threat Hunting & Incident Response with strong technical expertise and a strategic mindset to enhance our detection and response capabilities. You will be a key member of the team, working closely with another SOC expert to triage alerts, conduct incident response based on the SANS PICERL framework, perform hypothesis-driven threat hunting and threat intelligence activities, and continuously improve our detection and automation workflows. You'll contribute across the full SOC lifecycle - from Tier 1 to Tier 3 - and help shape our SOC strategy.

Your impact

  • Act as a central point of contact for alert triage and incident identification

  • Execute incident response activities using the SANS PICERL framework

  • Conduct proactive, hypothesis-driven threat hunts based on attacker behavior and emerging threats

  • Parse and analyze logs from diverse sources (authentication, application, system, cloud telemetry, etc.)

  • Design and refine detection rules, use cases, and dashboards to identify anomalies, lateral movement, and persistent threats

  • Create and maintain custom alerts and automation workflows for auto-remediation

  • Correlate internal and external threat intelligence to support hunting and detection

  • Map attacker techniques to MITRE ATT&CK and enrich findings with context

  • Document and communicate threat findings to technical and non-technical stakeholders

  • Collaborate with engineering, SOC, IR, and IT teams to improve detection coverage and response capabilities

  • Contribute to the development and maintenance of SOC playbooks and runbooks

  • Support continuous improvement of SIEM and EDR tooling and integrations

  • Ensure visibility and detection coverage across cloud environments

  • Participate in compliance and audit activities related to incident response and detection

Technology stack

  • Primary: Rapid7, Microsoft Defender

  • Secondary: Jira, Confluence, GitHub, PagerDuty, Okta


To succeed, you should meet at least 70% of these requirements

  • 5+ years of experience in cybersecurity, with strong hands-on experience as a SOC analyst or incident responder

  • Familiarity with the full SOC lifecycle (Tier 1 to Tier 3), including alert triage, incident response, threat hunting, and threat intelligence

  • Proven experience in threat hunting, detection engineering, or threat intelligence

  • Solid understanding of SIEM and EDR technologies, log parsing, and detection engineering

  • Experience with scripting and querying (e.g., Python, PowerShell, KQL, etc.) to support automation and custom alerting

  • Ability to analyze and correlate logs from diverse sources (authentication, application, system, cloud telemetry)

  • Knowledge of attacker TTPs, MITRE ATT&CK, threat exposure, and attack path analysis

  • Experience creating and maintaining playbooks and automation workflows for incident response

  • Familiarity with Microsoft Entra ID and its integration into detection and response workflows

  • Fluency in English (CEFR C1 or C2) is mandatory; proficiency in German, Dutch, French, or any additional European languages is a plus

  • Strong communication skills and the ability to present technical findings clearly to both technical and non-technical stakeholders

  • Willingness to participate in a 24/7 on-call rotation (approximately one week per month) to support incident response and operational continuity

  • Experience with Rapid7 and TaHiTI is a bonus


If this looks like you, the recruitment steps are:

  1. A first call with one of our recruiters

  2. A technical interview with our Security Expert and Team Lead

  3. An interview with our CISO and Head of Operations and Service Delivery

  4. A final interview with our COO

  5. Hopefully, an offer you can't refuse


Turn back if …

  • You've worked in a SOC but only followed playbooks without understanding detection logic or threat context

  • You prefer working in isolation and aren't comfortable collaborating closely with another SOC expert

  • You're looking for an already highly structured environment with no ambiguity or room for initiative


Otherwise apply

Our commitment to equal employment opportunities

EPI offers the same job opportunities to all, without distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age. EPI promotes the development of an inclusive work environment that mirrors the diversity of the clients our product is serving. 


