Customer Cyber Defense Engineer
Role details
Job location
Tech stack
Job description
Customer Cyber Defense (CCD) team, part of SLS Cyber Customer Trust (SLS CCT), is the OneITeam organization responsible for delivering detection (SOC), vulnerability management and incident response services for Equans-owned business systems (IT/OT) that support the delivery of services to Equans customers.
Reporting to the Head of CCD, the CCD Engineer is responsible for the technical build-up, integration and run-ready implementation of the CCD tooling stack, with a strong focus on automation. The role covers the deployment and evolution of detection and vulnerability management capabilities (starting with CrowdStrike and SOAR enablement, and evolving towards SIEM/log correlation and potentially OT sensors), the industrialization of technical processes (ingestion, triage, playbooks, reporting), and the continuous improvement of operational efficiency to enable CCD scale-up with a small team.
The position requires close collaboration with Business Units, local CCT security teams, internal Cyberdefense functions, and solution providers/partners, acting as the day-to-day technical point of contact for tooling and integrations.
KEY METRICS OF THE ENVIRONMENT
-
Workstations: 5000
-
Servers: 4000
-
Hosting: 80% of the IT are managed on Azure and AWS, new Customer Landing Zones (CLZ) to come to host business systems (projects, production, etc.). These Customer Landing Zones will be operated in Azure, AWS, GCP, and potential sovereign European CSP., As a key technical contributor to CCD scale-up, the CCD Engineer is responsible for delivering and industrializing the tooling and automation foundations required to operate and expand the service efficiently with a lean team.
-
Tooling operations (CrowdStrike & SOAR): ensure the operational maintenance of the existing tooling stack where already deployed (CrowdStrike and SOAR), including health monitoring, upgrades, configuration management, access management, and operational readiness.
-
Environment onboarding: onboard new Equans-owned business systems into the CCD tooling stack by driving the technical integration end-to-end, ensuring consistent and repeatable deployments.
-
SOAR-first operations (automated SOC N1): build and continuously improve a SOAR-driven model where first-line activities are automated by design (triage, enrichment, first qualification, routing/assignment, notifications, evidence collection), by developing new playbooks and optimizing existing ones.
-
Vulnerability management automation (risk-based): industrialize and automate vulnerability workflows end-to-end, including asset/context collection enrichment with risk signals/analysis, generation of risk-based reporting, automated communications to stakeholders.
-
Technical roadmap execution (SIEM & beyond): contribute to and deliver the technical evolution of CCD capabilities over time, including preparation and implementation of SIEM onboarding, log correlation, additional telemetry sources (identities, Cloud, firewall, etc.), and (where relevant) OT visibility/sensing components.
-
CLZ readiness (Customer Landing Zones): contribute to making CCD deployable by default in new CLZ (hosting for business systems) by defining technical standards and integration patterns, and ensuring alignment with evolving CLZ building blocks.
-
Workflow industrialization: contribute to the lifecycle management of detection content and operational workflows (use cases, rules, playbooks), including testing, tuning, versioning and continuous optimization.
-
POCs and technical assessments: propose and support request for proposals and proof-of-concept activities for new tools/technologies.
-
Operational documentation: produce and maintain technical documentation, runbooks, integration guides and architecture notes; contribute to the internal knowledge base and ensure operational handover is repeatable.
-
Technical support to operations: provide technical support to analysts and stakeholders on tooling, workflows and investigations.
-
Provider technical interface: act as the technical point of contact for vendors/partners for integrations, troubleshooting and updates (service governance and escalation ownership remain with the Head of CCD).
Requirements
Do you have a Master's degree?, * Master's or Engineering degree in cybersecurity, computer science, Information Technology, software engineering, or a related field (or equivalent proven experience).
-
3 to 7 years of experience in a technical cybersecurity role, ideally in one (or a mix) of the following areas: SOC engineering, security tooling integration, automation, detection engineering, or security operations engineering.
-
Proven hands-on experience operating and evolving security tooling in production, with a focus on reliability, maintainability and scalability (configuration management, upgrades, monitoring, troubleshooting).
-
Demonstrated experience onboarding new environments to security tooling in heterogeneous contexts (Cloud, on-prem, IT/OT constraints).
-
Strong experience in automation: building playbooks/workflows and automating repetitive operational tasks (triage/enrichment, routing, reporting, notifications, ticketing integration), using scripting and APIs.
-
Good understanding of log/telemetry concepts and correlation principles; experience with SIEM and log pipelines is a strong advantage (or strong motivation/ability to build this capability as the service scales).
-
Cloud exposure (Azure/AWS/GCP/sovereign) is a plus; interest or experience in OT constraints is a plus.
-
Cybersecurity certifications are a strong advantage (SOC/IR, cloud security, automation, etc.).
Behavioral Capabilities
-
Autonomous and hands-on, with a strong "get-things-done" mindset in an environment that is scaling and evolving.
-
Strong rigor: reliable execution, structured troubleshooting, attention to detail, documentation reflex.
-
Automation-first mentality: naturally driven to remove manual steps, standardize, and industrialize processes to operate efficiently with a lean team.
-
Strong collaboration and communication skills, able to work with Business Units, local security teams, internal Cyberdefense functions and vendors/partners.
-
Curious, proactive and continuously learning; comfortable assessing new tools/approaches pragmatically.
-
Strong ethics and discretion.
-
Comfortable working in a multicultural, distributed team.
Skills
-
Understanding of SOC workflows (triage, enrichment, qualification, escalation) and operational constraints.
-
Familiarity with EDR/SOAR concepts and workflows; exposure to SIEM/log management/correlation is a strong plus.
-
Automation & scripting: ability to automate via APIs and scripting (e.g., Python/PowerShell), with good practices (versioning, testing, maintainability); CI/CD and "automation as code" is a plus.
-
Understanding of log collection constraints, data quality, normalization, parsing, and correlation readiness.
-
Documentation & operationalization: ability to produce runbooks, integration guides, technical notes, and to ensure repeatable handover.
-
Fluent professional English in an international context.
-
You may be required to travel within the Equans perimeter., Join a dynamic team of passionate professionals, actively involved in prestigious cybersecurity collaboration networks. Be part of a culture that values excellence, innovation, and mutual support.