Senior Security Operations Engineer (f/m)
Ledger
Operations
Portland, OR, USA
Posted on Dec 2, 2024
We're making the world of digital assets accessible and secure for everyone. Join the mission.
Founded in 2014, Ledger is the global platform for digital assets and Web3. Over 25% of the world’s crypto assets are secured through our Ledger Nanos. Headquartered in Paris and Vierzon, with offices in the UK, US, Switzerland and Singapore, Ledger has a team of more than 700 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 7 millions units already sold in 200 countries.
At Ledger, we embody the values that make us unique: Pragmatism, Audacity, Commitment, Trust and Transparency. Hear from our employees how they shape the work we do here.
Your mission
- Ledger is seeking a Senior Threat Hunter & Automation Engineer with extensive experience in scale-up environments to strengthen and optimize our security operations.
- This role will focus on maintaining and enhancing security monitoring, detection, and response capabilities, with a specific emphasis on developing and refining detection logic in our SIEM (Sekoia).
- The ideal candidate will bring expertise in securing SaaS platforms, Google Workspace, and IAM (e.g., OKTA), while contributing to the scalability and efficiency of our security tools and processes.
- This is a technical, hands-on role for someone who thrives in dynamic environments and has a strong background in cloud and SaaS security.
In this role you will:
- Detection Logic Development: Design, implement, and optimize detection rules in the SIEM (Sekoia) to improve threat detection accuracy and reduce false positives. Collaborate with the Threat Intelligence team to integrate CTI (Cyber Threat Intelligence) into detection workflows.
- Security Monitoring & Response: Monitor and analyze security events using Sekoia (SIEM) and SentinelOne (EDR), ensuring rapid identification and mitigation of threats. Lead technical investigations and coordinate with stakeholders to resolve security incidents effectively.
- SaaS and Google Workspace Security: Manage and secure SaaS applications, with a focus on Google Workspace, ensuring configurations meet security best practices.
- Identify and Access Management (IAM): Administer and optimize IAM systems like OKTA, implementing robust access control policies and automating user lifecycle management.
- Automation and Process Improvement: Develop and enhance automation workflows using GitHub Actions or other tools to streamline detection and response processes.
- Vulnerability Management: Identify, prioritize, and remediate vulnerabilities in cloud and SaaS environments using tools like Wiz and SBOM registries.
- Collaboration and Enablement: Work closely with Engineering, Infrastructure, and GRC teams to align security practices with organizational goals. Provide technical guidance and support to team members, ensuring alignment with best practices.
- Documentation and Knowledge Sharing: Create and maintain playbooks, runbooks, and documentation for detection logic and incident response processes.
What we’re looking for:
- Professional Experience: 7+ years in security operations, preferably in scale-up environments with a focus on SaaS platforms and cloud infrastructure. Hands-on experience developing detection logic for SIEM tools (e.g., Sekoia, Splunk).
- Technical Skills: Proficiency in configuring and managing SIEM tools, with a focus on custom detection logic and rule optimization. Expertise in EDR (e.g., SentinelOne), IAM systems (e.g., OKTA), and SaaS security (e.g., Google Workspace). Solid understanding of vulnerability management tools like Wiz and cloud security best practices (AWS preferred).
- Soft Skills: Strong analytical skills for incident investigation and threat analysis. Excellent collaboration and communication abilities to work across teams and share knowledge effectively.
What's in it for you:
- Working schedule: Monday to Friday, standard working hours, hybrid (2 days in the office / week)
- Training: Get trained and gain experience in one of today's most exciting and growing industries
- Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow
- Flexibility: A hybrid work policy
- Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
- Well-being: Personal development, coaching & fitness with our dedicated partners
- Vacation: 20 days of paid leave per year
- Retirement: 401k with employer match
- High tech: Access to high performance office equipment and gadgets, including Apple products
- Transport: Ledger reimburses part of your preferred means of transportation
- Discounts: Employee discount on all our products.
We are an equal opportunity employer for all without any distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age.
