
Ledger · Paris
We’re a team of experts pushing the limits of what’s possible, united by our common goal to unlock true freedom through digital ownership, making technology acc...
We’re a team of experts pushing the limits of what’s possible, united by our common goal to unlock true freedom through digital
ownership, making technology accessible for all. We believe in a world where users, creators and enterprises manage their value
with ownership and freedom. Our curiosity drives us to innovate, empowering individuals on a global scale. We believe change is
constant and our team moves forward as one, with a culture of problem-solving where every employee is empowered and supported to
challenge tradition and create solutions. Our mission is simple: to make self-custody accessible and give people the keys to their
own financial futures. If you want to make a true impact, we want you to join us at Ledger.
At Ledger, we’re proud to be the global platform for digital assets and Web3, with over 20% of the world’s crypto assets secured
through our Ledger devices. With our headquarters in Paris, and offices in Vierzon, Grenoble, Montpellier, London, Portland,
Geneva, Zurich and Central Singapore, we have a team of around 600 professionals developing a variety of products and services to
enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware
wallets line with more than 7.5 millions units already sold in 200 countries.
The team
You will join the Security Operations team, which is responsible for protecting Ledger’s corporate, cloud, SaaS, and data center
environments. Its mission is to anticipate, detect, investigate, and respond to cyber threats—including monitoring, alert triage,
incident response, detection, visibility, automation, exposure tracking, and continuous process improvement. This scope is
distinct from that of the Donjon (product security): SecOps covers the operational security of internal environments, the cloud,
endpoints, workloads, identities, and infrastructure.
As a close-knit and experienced team—technically rigorous and committed to knowledge sharing—we are also continuously building the
SOC itself: integrating new log sources, ensuring data quality, expanding detection coverage, and developing reliable dashboards
and operational workflows.
automation.
AI is at the heart of how we work: investing in AI applied to security is a strategic priority for Ledger this year. We’ve built
our own in-house Agentic SOC, which autonomously investigates weak signals—the large volume of unreliable alerts that a human team
couldn’t sort through manually—and enriches them, so our engineers can focus on what matters most and resolve incidents faster:
high-quality detection, reduced noise, and accelerated investigations.
As a Senior Security Operations Engineer, you are at the heart of the SOC: you lead investigations from start to finish, manage
the lifecycle of detections, dashboards, and automations, and continuously expand our visibility (cloud, endpoints, identities,
SaaS, infrastructure). You work independently on complex issues, decide on the next steps - investigation, containment,
remediation, or escalation - serve as a technical resource and point of escalation for more junior analysts (whose work you review
and with whom you share your knowledge), and make a tangible contribution to improving our internal Agentic SOC.
Operate the SOC
investigations into incidents affecting endpoints, the cloud, identities, SaaS, workloads, and infrastructure.
matter.
Visibility & Detection
prioritize cloud exposure as part of your detection work.
data quality: completeness, parsing, normalization, relevance, and usability.
their logic; reduce noise and improve signal quality.
Incident Response
automations.
Contribute to automation and our Agentic SOC
enriches alerts, and assists with investigations—and expand its capabilities: new investigation workflows, better correlation,
and tighter integration with detection and response.
building and improving SOC capabilities (logs, detections, dashboards, automations, runbooks, workflows) and conducting
independent investigations.
CloudTrail, GuardDuty), securing workloads, containers, and Kubernetes (EKS), and scoping cloud incidents end-to-end.
Comfortable with exposure/CSPM tooling (ideally Wiz).
context; awareness of confidentiality and the proper handling of sensitive information.
We’re a team of experts pushing the limits of what’s possible, united by our common goal to unlock true freedom through digital ownership, making technology accessible for all. We believe in a world where users, creators and enterprises manage their value with ownership and freedom. Our curiosity drives us to innovate, empowering individuals on a global scale. We believe change is constant and our team moves forward as one, with a culture of problem-solving where every employee is empowered and supported to challenge tradition and create solutions. Our mission is simple: to make self-custody accessible and give people the keys to their own financial futures. If you want to make a true impact, we want you to join us at Ledger. At Ledger, we’re proud to be the global platform for digital assets and Web3, with over 20% of the world’s crypto assets secured through our Ledger devices. With our headquarters in Paris, and offices in Vierzon, Grenoble, Montpellier, London, Portland, Geneva, Zurich and Central Singapore, we have a team of around 600 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 7.5 millions units already sold in 200 countries. The team: You’ll join the Security Operations team, responsible for protecting Ledger’s corporate, cloud, SaaS, and data center environments. Its mission: to anticipate, detect, investigate, and respond to cyber threats—including monitoring, alert triage, incident response, detection, visibility, automation, exposure tracking, and continuous process improvement. The scope is distinct from that of the Donjon (product security): SecOps covers the operational security of internal environments, the cloud, endpoints, workloads, identities, and infrastructure. As a close-knit and experienced team—technically demanding and committed to knowledge sharing—we’re also continuously building the SOC itself: integrating new log sources, ensuring data quality, expanding detection coverage, and developing reliable dashboards and operational workflows. Our technical stack includes: * Splunk for SIEM, investigations, and dashboards; * CrowdStrike for EDR and endpoint/workload security; * Wiz for cloud security and exposure management; * Torq for SOAR and automation; * AWS, including modern environments such as EKS/Kubernetes; * An in-house developed Agentic SOC for alert enrichment, correlation, investigation support, reporting, and automation. AI is at the heart of how we work: investing in AI applied to security is a strategic priority for Ledger this year. We’ve built our own in-house Agentic SOC, which autonomously investigates weak signals—the large volume of unreliable alerts that a human team couldn’t sort through manually—and enriches them, so our engineers can focus on what matters most and resolve incidents faster: high-quality detection, noise reduction, and accelerated investigations. What you’ll be doing: As a Staff Security Operations Engineer, you're one of the most senior technical voices on the team: a hands-on generalist who can dig deep into any layer of our stack, step back to see the whole picture, and bring clear, calm judgment when the stakes are highest. Anchor critical-incident response (CSIRT) * Bring senior technical leadership to our most complex incidents — cloud, corporate, endpoints, identities, data center — working with the team, not in isolation. * Lead complex investigations end to end, alongside the team: root cause analysis, forensics, timeline reconstruction, and remediation that prevents recurrence. * Be a trusted escalation point, and keep our handling, escalation, and documentation rigorous and consistent. Set the direction on detection & threat hunting * Set the direction of our detection strategy, architecture, and methodology — with the team — and bring a clear point of view on where to invest next. * Contribute to proactive threat hunting — turning CTI and OSINT into risks caught before they reach Ledger. * Take on our thorniest detection problems and translate threat intel into concrete posture improvements. Evolve the architecture & the Agentic SOC * Drive how our Splunk and Torq (SOAR) setup evolves so detection, triage, and response keep getting better — focused on detection quality, data standardization (CIM, data models), and usability, not day-to-day platform administration. * Contribute to the architecture of our Agentic SOC and log/data pipeline, and help automate the team's reporting. (No need to arrive as a software/data engineer — an engineering mindset and the drive to build matter more.) * Bring cloud-security judgment (AWS, EKS/Kubernetes) and use Wiz to prioritize exposure at scale. Raise the bar across the team * Define the standards, playbooks, and runbooks the team relies on. * Grow senior and junior engineers through review, pairing, and everyday knowledge sharing — a force multiplier through influence and example, not formal management. * Partner with Engineering, Infrastructure, IT, and Cloud to align operational security with where Ledger is heading. What we’re looking for: * ~9 years (or a track record that speaks for itself) in security operations, incident response, and CSIRT, with real depth in complex, end-to-end investigations. * The ability to lead technically under pressure and stay structured when things are ambiguous. * Hands-on SIEM experience (ideally Splunk): writing and refining queries for investigation and detection. * Solid cloud-security fundamentals (ideally AWS): IAM/identity, audit logs (CloudTrail, GuardDuty), and a working understanding of workloads, containers, and Kubernetes (EKS) — enough to scope and investigate a cloud or container incident, and go deeper as needed. * Comfort automating with Python, Bash, APIs, GitHub Actions, or a SOAR platform. * Clear communication of complex topics, strong documentation habits, and sound judgment with sensitive information.
Vestiaire Collective is the leading global platform for desirable pre-loved fashion and a pioneer in transforming how people consume fashion. Our mission is simple: make circular fashion the norm, not the exception. Through technology, expertise, and a highly engaged global community, we enable millions of people to buy and sell fashion in a more sustainable way. Founded in Paris in 2009, Vestiaire Collective is now a globally scaled marketplace with offices in Paris, London, Berlin, New York, Singapore, and Ho Chi Minh City, and logistics hubs across Europe, Asia, and the US. Today, we are a team of around 600 people from over 50 nationalities, united by a shared ambition: to drive meaningful change in the fashion industry. Our values, Activism, Transparency, Dedication, Greatness, and Collective, shape how we build, collaborate, and grow every day. Please upload your CVs in English About the role : As a Senior Security Analyst at Vestiaire Collective, you will be part of our Security team. Your objective will be to provide a safe, secure, and trustworthy experience for our users, while safeguarding their privacy and personal data, as well as protecting our company assets and internal employees. Additionally, you will ensure compliance with regulatory requirements. This role is focused on security operations, risk, and assurance: you will be the person who keeps continuous watch over our security posture — monitoring and investigating alerts, driving vulnerabilities through to remediation, supporting incident response, and producing the evidence and metrics that demonstrate our security and compliance to auditors, regulators, and leadership. Reporting to the Head of Security, you will work alongside a talented team of security engineers and collaborate closely with engineering teams and other stakeholders such as legal, finance, and corporate IT. You will work daily with our security stack: Datadog (SIEM), SentinelOne (EDR), Upwind (CSPM), Cloudflare (WAF and Cloudflare One), and Grafana/Prometheus, on top of our AWS and GCP cloud environments. What you will do : Operate and continuously improve our security monitoring: triage and investigate alerts across our detection stack (Datadog SIEM, SentinelOne EDR, Cloudflare), tune detections to reduce noise, and escalate confirmed threats. Review and prioritize cloud security posture findings (Upwind CSPM) across our AWS and GCP environments, and drive misconfigurations through to resolution with the relevant teams. Own the vulnerability management lifecycle: consolidate findings from penetration tests, application security reviews, and our bug bounty program; validate and prioritize them; and drive remediation with engineering teams against defined SLAs. Triage incoming bug bounty submissions: reproduce and assess reported issues, determine severity, and coordinate fixes with the relevant code owners. Support incident response from detection to closure: first-line investigation, coordination during incidents, documentation, and post-incident follow-up actions. Support audit and assurance activities: prepare and maintain evidence for external audits, run periodic access reviews (joiners/movers/leavers, privileged access), and keep compliance documentation up to date. Contribute to security metrics and reporting: maintain and enrich the KPIs and dashboards (Grafana) we use to report our security posture to leadership. Assess third-party vendors and tools from a security and data-protection standpoint. Handle day-to-day security requests from across the company (reported phishing, the security inbox, employee questions) and deliver security awareness initiatives to promote a security-conscious culture. Who you are : Proven experience (3+ years) in a security analyst, SOC, or security operations role, preferably in a fast-paced startup/scaleup environment. Strong analytical and problem-solving abilities, rigorous documentation habits, and the ability to communicate clearly with both technical and non-technical stakeholders. Hands-on experience with SIEM and log analysis platforms (e.g., Datadog, Splunk, Elastic) for alert triage, threat detection, and investigation; familiarity with EDR tooling (e.g., SentinelOne, CrowdStrike) is a strong plus. Working familiarity with cloud environments (AWS and/or GCP) and cloud security fundamentals - enough to understand, prioritize, and follow up on CSPM and WAF findings. Solid understanding of vulnerability management and common application threats (e.g., OWASP Top 10) - enough to validate findings, assess real-world impact, and discuss remediation credibly with engineers. Understanding of compliance frameworks and regulations (e.g., ISO 27001, PCI DSS, SOC 2, GDPR, DSA), with the ability to translate requirements into practical controls, procedures, and audit evidence. Scripting or query skills (e.g., Python, SQL), for automating routine analysis and digging into data during investigations. Ability to adapt to a rapidly changing environment and manage multiple priorities. NICE TO HAVE: Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CompTIA Security+/CySA+, GIAC GCIH/GCIA, CISA, ISO 27001 Lead Auditor/Implementer) are a plus. Our Tech Stacks includes Datadog SIEM Upwind CSPM Cloudflare (WAF, One) SentinelOne AWS, GCP Grafana, Prometheus Snowflake Tableau
Join Proton and build a better internet where privacy is the default At Proton, we believe that privacy is a fundamental human right and the cornerstone of democracy. Since our inception in 2014, founded by a team of scientists from CERN, we have dedicated ourselves to providing free and open-source technology to millions worldwide, ensuring access to privacy, security, and freedom online. Our journey began with Proton Mail, the largest secure email service globally, and has since expanded to include Proton VPN, Proton Calendar, Proton Drive, and Proton Pass. These tools empower individuals and organizations to take control of their personal data, break away from Big Tech’s invasive practices, and defeat censorship. Our work impacts hundreds of millions of lives, from activists on the front lines defending freedom to leaders in governments protecting sensitive information. In some cases, Proton’s services have even been instrumental in saving lives by enabling secure and private communications in high-risk situations. Proton is a profitable company that does not rely upon VC funding, supporting over 100 million user accounts with a growing team of over 500 people from over 50 different countries, from the world's top companies and universities. We value intelligence, learning potential, and ambition in our hiring process. Adaptability is key as we navigate uncharted territories and redefine how business is conducted online. Hiring at Proton is highly selective, with less than 1% of candidates hired. We believe smaller teams of exceptional talent will always prevail over larger teams with lower talent density. You will have the opportunity work with many of the world's top minds in their fields, ranging from former international math and science olympiad winners to chess champions. We have a global mindset and big ambitions but remain a start-up at heart. We value empowerment and flexibility and keep our structure flat to keep moving fast and avoid unnecessary politics. Tired of blending into the crowd? Join us and do work you can truly be proud of. Check our open-source projects here! The Team The Security Machine Learning Engineer will play a key role in transforming our Security Operations Center (SOC) from reactive to proactive by integrating advanced machine learning and data-driven approaches into our detection and response workflows. This role bridges traditional cybersecurity operations and modern ML-driven analytics, enabling our team to automatically identify emerging threats, anomalous behaviour, and new attack patterns at scale. As a secondary focus, the role could also leverage LLMs and AI engineering to automate analyst workflows and reduce operational toil. The engineer will sit directly within the security team, ensuring that the solutions built are operationally relevant, and aligned with our security priorities, while also working closely with the internal Machine Learning team (MSA) to leverage their expertise and best practices. What you will do: * ML-Driven Detection & Automation * Design, develop, and deploy machine learning models to enhance security detection, anomaly identification, and incident response. * Integrate ML outputs into the SOC workflow to enable smarter and faster triage. * Continuously evaluate and tune models to reduce false positives and improve detection precision. * Ensure model outputs are interpretable and actionable for SOC analysts. Data Engineering for Security * Build and maintain data pipelines to collect, process, and transform security-relevant data (e.g., logs, network traffic, endpoint events) into ML-ready datasets. * Collaborate with security engineering team to ensure scalable and secure data handling (eg. parsing, processing, storage). AI Engineering & LLM-Powered Automation * Explore and build LLM-powered tools to automate repetitive SOC tasks (e.g., alert triage, evidence gathering, incident summarisation, report generation). * Apply appropriate guardrails and evaluation to ensure outputs are accurate, auditable, and safe to act on in operational contexts. Research & Innovation * Stay current on advancements in security data science, adversarial ML, and automated threat detection. * Prototype and test new ML and AI techniques (e.g., unsupervised anomaly detection, graph-based threat correlation). * Contribute to improving detection content through statistical analysis and clustering. Operations & Maintenance * Deploy models into production securely and responsibly, ensuring reliability and scalability. * Implement monitoring, alerting, and retraining mechanisms for deployed ML models. * Document methodologies and performance metrics for auditability and knowledge sharing. What we are looking for: * Required * Proven experience in machine learning engineering or data science, ideally in a cybersecurity or operations context. * Proficiency in Python, with strong knowledge of ML frameworks. * Experience with data manipulation and analysis using Pandas, NumPy or similar tools. * Familiarity with security data sources (e.g., SIEM logs, EDR telemetry, network flow, authentication logs). * Solid understanding of ML lifecycle: data preparation, model training, evaluation, deployment, and monitoring. * Experience with data pipelines and storage technologies (e.g., Airflow, Kafka, Redis, Elasticsearch, Clickhouse, etc.). * Ability to work independently and collaborate effectively with both ML and security specialists. Preferred * Prior experience in threat detection, SOC operations, or security automation. * Knowledge of adversarial ML, graph analytics, or behavioral modeling in security contexts. * Experience integrating ML models into SIEM pipelines or automated detection frameworks. * Exposure to LLMs and AI engineering (e.g., prompt engineering, RAG, agent design), and awareness of LLM-specific risks like prompt injection and data leakage. Success in This Role * SOC analysts leverage ML-powered detections to identify threats faster. * Reduction in alert fatigue and false positives through adaptive and data-driven models. * Strong collaboration established between the security and MSA ML teams, sharing expertise and best practices. * Security data becomes more accessible, structured, and usable for analytical and predictive use cases. * New, intelligent detections, enrichment, and incident response automations become part of the SOC’s standard toolkit. Even if you don’t meet all the requirements listed above, but feel you could still be a great fit, please still apply. What We Offer: * Work that Matters: millions of people trust Proton with their privacy. We answer only to our users — not advertisers, not investors with conflicting agendas, not governments. The work you do here is real, and the impact is measurable. (read more about our impact here) * Technology: you'll get the right hardware and the right software you need to do your best work. * Learning & Development: we invest in your growth because sharp people make us better. Proton is one of the fastest ways to accelerate your career because you'll be thrown into real challenges, with real ownership, from day one. * Employee Benefits: your wellbeing isn't an afterthought. We offer strong health coverage, solid retirement options, generous leave, and wellness support so you can bring your best self to work every day * Stock Options: at Proton, we all have the opportunity to be owners of the company. From day one, you have a real stake in what we're building. When Proton wins, you win. * In-Person Collaboration: Amazing things happen when passionate, smart, and purposeful people get together in the same room. With offices across Geneva, Zürich, Barcelona, London and more, you'll spend most of your time collaborating face-to-face with people who genuinely care about what they're building * Food: Lunch and snacks are on us every day in our offices so you can focus on the work and not on what's for lunch. * Transport: getting to the office shouldn't cost you. We cover public transport, bike allowances, or parking, whichever works for you. * Flexible Working: you own your schedule. Set hours that work for you and your team — because outcomes matter more than when the clock says you started. Our Commitment to Diversity and Inclusion At Proton, we believe diversity drives innovation and strengthens our mission to provide privacy as a default for all. We are committed to fostering an inclusive environment where all individuals, regardless of race, ethnicity, gender, age, sexual orientation, physical ability, or socio-economic background, feel valued and empowered. We strive to create equal opportunities, promote open dialogue, and support continuous learning to ensure every voice is heard and respected. If you need any extra support or reasonable adjustments during the hiring process, please let your talent partner know. Candidate Privacy Notice When you apply for a position, refer a candidate, or are considered for a role at Proton Technologies AG (Proton, we, us, or our), your information is stored in Greenhouse, in accordance with their Service Privacy Policy. This information is used to evaluate your suitability for the posted position. We also retain this information for consideration for future roles that you may apply for or that we believe may align with your background and skills. If we no longer have a legitimate business need to process your information, we will either delete or anonymize it. Should you have any inquiries about how we use or manage your information, or if you wish to access, correct, or delete your data, please contact our privacy team at careers@proton.ch. Proton does not accept unsolicited resumes from any sources other than directly from candidates. We will not pay a fee for any placement resulting from an unsolicited offer, even if the candidate is subsequently hired by Proton. To learn more about our privacy policy, please visit our privacy policy page. Compensation range Paris: 46.000 - 74.000 gross annually* Other locations: Compensation will be discussed during the interview process *Final compensation will be determined based on the candidate's qualifications, skills, and previous experience #LI-ONSITE