Customer Cyber Defense Engineer

EQUANS France
Canton de Courbevoie-1, France
31 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Canton de Courbevoie-1, France

Tech stack

API
Amazon Web Services (AWS)
Azure
Business Systems
Cloud Computing
Cloud Computing Security
Configuration Management
CompTIA Security+
Computer Security
Continuous Integration
Identity and Access Management
Intrusion Detection and Prevention
Python
Local Security Policy
Parsing
Performance Tuning
Powershell
Runbook
Security Information and Event Management
Software Engineering
Management of Software Versions
Software Vulnerability Management
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
Information Technology
Cyber Warfare
Network Server

Job description

Customer Cyber Defense (CCD) team, part of SLS Cyber Customer Trust (SLS CCT), is the OneITeam organization responsible for delivering detection (SOC), vulnerability management and incident response services for Equans-owned business systems (IT/OT) that support the delivery of services to Equans customers.

Reporting to the Head of CCD, the CCD Engineer is responsible for the technical build-up, integration and run-ready implementation of the CCD tooling stack, with a strong focus on automation. The role covers the deployment and evolution of detection and vulnerability management capabilities (starting with CrowdStrike and SOAR enablement, and evolving towards SIEM/log correlation and potentially OT sensors), the industrialization of technical processes (ingestion, triage, playbooks, reporting), and the continuous improvement of operational efficiency to enable CCD scale-up with a small team.

The position requires close collaboration with Business Units, local CCT security teams, internal Cyberdefense functions, and solution providers/partners, acting as the day-to-day technical point of contact for tooling and integrations.

KEY METRICS OF THE ENVIRONMENT

  • Workstations: 5000

  • Servers: 4000

  • Hosting: 80% of the IT are managed on Azure and AWS, new Customer Landing Zones (CLZ) to come to host business systems (projects, production, etc.). These Customer Landing Zones will be operated in Azure, AWS, GCP, and potential sovereign European CSP., As a key technical contributor to CCD scale-up, the CCD Engineer is responsible for delivering and industrializing the tooling and automation foundations required to operate and expand the service efficiently with a lean team.

  • Tooling operations (CrowdStrike & SOAR): ensure the operational maintenance of the existing tooling stack where already deployed (CrowdStrike and SOAR), including health monitoring, upgrades, configuration management, access management, and operational readiness.

  • Environment onboarding: onboard new Equans-owned business systems into the CCD tooling stack by driving the technical integration end-to-end, ensuring consistent and repeatable deployments.

  • SOAR-first operations (automated SOC N1): build and continuously improve a SOAR-driven model where first-line activities are automated by design (triage, enrichment, first qualification, routing/assignment, notifications, evidence collection), by developing new playbooks and optimizing existing ones.

  • Vulnerability management automation (risk-based): industrialize and automate vulnerability workflows end-to-end, including asset/context collection enrichment with risk signals/analysis, generation of risk-based reporting, automated communications to stakeholders.

  • Technical roadmap execution (SIEM & beyond): contribute to and deliver the technical evolution of CCD capabilities over time, including preparation and implementation of SIEM onboarding, log correlation, additional telemetry sources (identities, Cloud, firewall, etc.), and (where relevant) OT visibility/sensing components.

  • CLZ readiness (Customer Landing Zones): contribute to making CCD deployable by default in new CLZ (hosting for business systems) by defining technical standards and integration patterns, and ensuring alignment with evolving CLZ building blocks.

  • Workflow industrialization: contribute to the lifecycle management of detection content and operational workflows (use cases, rules, playbooks), including testing, tuning, versioning and continuous optimization.

  • POCs and technical assessments: propose and support request for proposals and proof-of-concept activities for new tools/technologies.

  • Operational documentation: produce and maintain technical documentation, runbooks, integration guides and architecture notes; contribute to the internal knowledge base and ensure operational handover is repeatable.

  • Technical support to operations: provide technical support to analysts and stakeholders on tooling, workflows and investigations.

  • Provider technical interface: act as the technical point of contact for vendors/partners for integrations, troubleshooting and updates (service governance and escalation ownership remain with the Head of CCD).

Requirements

Do you have a Master's degree?, * Master's or Engineering degree in cybersecurity, computer science, Information Technology, software engineering, or a related field (or equivalent proven experience).

  • 3 to 7 years of experience in a technical cybersecurity role, ideally in one (or a mix) of the following areas: SOC engineering, security tooling integration, automation, detection engineering, or security operations engineering.

  • Proven hands-on experience operating and evolving security tooling in production, with a focus on reliability, maintainability and scalability (configuration management, upgrades, monitoring, troubleshooting).

  • Demonstrated experience onboarding new environments to security tooling in heterogeneous contexts (Cloud, on-prem, IT/OT constraints).

  • Strong experience in automation: building playbooks/workflows and automating repetitive operational tasks (triage/enrichment, routing, reporting, notifications, ticketing integration), using scripting and APIs.

  • Good understanding of log/telemetry concepts and correlation principles; experience with SIEM and log pipelines is a strong advantage (or strong motivation/ability to build this capability as the service scales).

  • Cloud exposure (Azure/AWS/GCP/sovereign) is a plus; interest or experience in OT constraints is a plus.

  • Cybersecurity certifications are a strong advantage (SOC/IR, cloud security, automation, etc.).

Behavioral Capabilities

  • Autonomous and hands-on, with a strong "get-things-done" mindset in an environment that is scaling and evolving.

  • Strong rigor: reliable execution, structured troubleshooting, attention to detail, documentation reflex.

  • Automation-first mentality: naturally driven to remove manual steps, standardize, and industrialize processes to operate efficiently with a lean team.

  • Strong collaboration and communication skills, able to work with Business Units, local security teams, internal Cyberdefense functions and vendors/partners.

  • Curious, proactive and continuously learning; comfortable assessing new tools/approaches pragmatically.

  • Strong ethics and discretion.

  • Comfortable working in a multicultural, distributed team.

Skills

  • Understanding of SOC workflows (triage, enrichment, qualification, escalation) and operational constraints.

  • Familiarity with EDR/SOAR concepts and workflows; exposure to SIEM/log management/correlation is a strong plus.

  • Automation & scripting: ability to automate via APIs and scripting (e.g., Python/PowerShell), with good practices (versioning, testing, maintainability); CI/CD and "automation as code" is a plus.

  • Understanding of log collection constraints, data quality, normalization, parsing, and correlation readiness.

  • Documentation & operationalization: ability to produce runbooks, integration guides, technical notes, and to ensure repeatable handover.

  • Fluent professional English in an international context.

  • You may be required to travel within the Equans perimeter., Join a dynamic team of passionate professionals, actively involved in prestigious cybersecurity collaboration networks. Be part of a culture that values excellence, innovation, and mutual support.

About the company

Equans is a world leader in the energy and services sector, with annual revenues of nearly €19,2 billion* and almost 800,000 projects. Equans has leading positions in Europe, which is the result of the history of energy construction in these countries, and strong presences in North and South America and in Oceania. With nearly 90,000 highly skilled employees, Equans has a strong geographic footprint, anchored by historic local brands. Equans provides its customers with excellent technical expertise in the design, installation, maintenance, and operation of multi-technical facilities. This know-how is based on key skills. First of all, in electrical and thermal engineering - two strong points that help accelerate the reduction of our clients' carbon footprint - but also in ventilation, refrigeration, mechanics and robotics, fire protection, energy renovation, digital solutions, IT, cyber security and telecommunications. The combination of thes expertises allows us to offer efficient and optimised solutions at all stages of the energy chain, from production, storage and transport to usage.

Apply for this position