We are looking for a SOC (Security Operations Center) Team Lead to build and lead our SOC function end-to-end. You will own vulnerability management, alerting and detection engineering, incident response, and the security tooling/infrastructure that enable these missions.
\nKey responsibilities include:
\n• Leading and growing the team: Manage the SOC team, shape the roadmap, delegate effectively, and mentor engineers.
\n• Driving operations: Define vulnerability management processes and coordinate stakeholders for timely remediation. Design, implement, and operate SIEM/SOAR infrastructure (ingestion, normalization, correlation, alerting, playbooks). Specify logging requirements across our main stacks and centralize telemetry in the SIEM. Develop and tune correlation rules and detections; manage CTI intake and operationalize intel. Run continuous improvement to reduce false positives and raise signal quality. Establish crisp procedures for alert triage, escalation, and incident handling & investigation. Lead incident communications with stakeholders and ensure thorough documentation.
\n• Engineering and enablement: Contribute to security tooling, automation, and integrations that speed up detection/response. Produce guidance and documentation for product/infra teams; contribute to compliance in the SOC perimeter.
\n• Exercises and assurance: Coordinate red/blue exercises, post-mortems, and targeted audits to validate coverage and resilience.
\nThe ideal candidate will have 8+ years of experience leading SOC/CSIRT functions, with proven leadership. Hands-on experience with SIEM (e.g., Elastic Security, Sekoia, Splunk) and SOAR platforms is required. Strong experience in vulnerability management (e.g., DefectDojo, Dependency-Track) and remediation workflows is also necessary. Solid grasp of the cyber kill chain / attack lifecycle, detection engineering, and log source coverage is essential. Excellent problem-solving and communication skills are required, as well as the ability to operate in a fast-paced startup environment.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_9f15a44c-cc5","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Mistral AI","sameAs":"https://mistral.ai","logo":"https://logos.yubhub.co/mistral.ai.png"},"x-apply-url":"https://jobs.lever.co/mistral/e0b55281-55c6-4143-9bf8-e4418c667f9f","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["SIEM","SOAR","vulnerability management","incident response","security tooling","automation","integrations","cyber kill chain","attack lifecycle","detection engineering","log source coverage"],"x-skills-preferred":["scripting","Python","Bash","modern infra/app stacks","EDR/IDS/IPS","compliance frameworks","security audits/pen-tests"],"datePosted":"2026-04-17T12:47:13.692Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Paris"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"SIEM, SOAR, vulnerability management, incident response, security tooling, automation, integrations, cyber kill chain, attack lifecycle, detection engineering, log source coverage, scripting, Python, Bash, modern infra/app stacks, EDR/IDS/IPS, compliance frameworks, security audits/pen-tests"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_3e75d44f-c7f"},"title":"Team Lead, SOC (Security Operations Center)","description":"About this role
\nWe are looking for a SOC (Security Operations Center) Team Lead to build and lead our SOC function end-to-end. You will own vulnerability management, alerting and detection engineering, incident response, and the security tooling/infrastructure that enable these missions. You’ll define processes, collaborate closely with Product, Infra and IT, and continuously improve detection quality and response time.
\nKey responsibilities
\n• Lead & grow the team: Manage the SOC team, shape the roadmap, delegate effectively, and mentor engineers.
\n• Drive operations:\n - Define vulnerability management processes and coordinate stakeholders for timely remediation.\n - Design, implement, and operate SIEM/SOAR infrastructure (ingestion, normalization, correlation, alerting, playbooks).\n - Specify logging requirements across our main stacks and centralize telemetry in the SIEM.\n - Develop and tune correlation rules and detections; manage CTI intake and operationalize intel.\n - Run continuous improvement to reduce false positives and raise signal quality.\n - Establish crisp procedures for alert triage, escalation, and incident handling & investigation.\n - Lead incident communications with stakeholders and ensure thorough documentation.
\n• Engineering & enablement:\n - Contribute to security tooling, automation, and integrations that speed up detection/response.\n - Produce guidance and documentation for product/infra teams; contribute to compliance in the SOC perimeter.
\n• Exercises & assurance:\n - Coordinate red/blue exercises, post-mortems, and targeted audits to validate coverage and resilience.
\nRequirements
\n• 8+ years of experience leading SOC/CSIRT functions, with proven leadership.
\n• Hands-on with SIEM (e.g., Elastic Security, Sekoia, Splunk) and SOAR platforms.
\n• Strong experience in vulnerability management (e.g., DefectDojo, Dependency-Track) and remediation workflows.
\n• Solid grasp of the cyber kill chain / attack lifecycle, detection engineering, and log source coverage.
\n• Excellent problem-solving and communication skills; able to operate in a fast-paced startup environment.
\n• Builder mindset: pragmatic, automation-oriented, comfortable with ambiguity and ownership.
\nNice to have
\n• Bring scripting/automation skills (e.g., Python, Bash) for data pipelines/playbooks.
\n• Know modern infra/app stacks (Linux, containers, Kubernetes, cloud), EDR/IDS/IPS.
\n• Have exposure to compliance frameworks (ISO 27001, SOC 2) and security audits/pen-tests.
\n• Have run purple team exercises and measurable detection-coverage programs.
\n• Are comfortable partnering with Product/Platform teams and influencing roadmaps.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_3e75d44f-c7f","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Mistral AI","sameAs":"https://mistral.ai"},"x-apply-url":"https://jobs.lever.co/mistral/e0b55281-55c6-4143-9bf8-e4418c667f9f","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["SIEM","SOAR","vulnerability management","remediation workflows","cyber kill chain","detection engineering","log source coverage","problem-solving","communication skills"],"x-skills-preferred":["scripting/automation skills","modern infra/app stacks","EDR/IDS/IPS","compliance frameworks","security audits/pen-tests","purple team exercises"],"datePosted":"2026-03-10T11:33:18.520Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Paris"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"SIEM, SOAR, vulnerability management, remediation workflows, cyber kill chain, detection engineering, log source coverage, problem-solving, communication skills, scripting/automation skills, modern infra/app stacks, EDR/IDS/IPS, compliance frameworks, security audits/pen-tests, purple team exercises"}]}