Security Operations Center Expert

Ref: 260226C001
  • Start date
    23/03/2026
  • Location

    75007 PARIS

  • Duration
    12 months (renewable)
  • Profile

    System administrator, Cybersecurity engineer

Required skills
Linux, Python, Red Hat, Cloud, AWS, MITRE ATT&CK, English, French
Mission description

Job description

Lenstra was founded by passionate computer science engineers with a proven track record of delivering high-quality solutions. By combining technical excellence with a strong vision, we support top-tier clients across industries such as Banking & Insurance, Luxury, and Technology.


Our expertise is structured around four core pillars: Software Development, DevSecOps, Data & AI, and Product. Through a holistic understanding of our clients’ environments, we help them address their most complex challenges—from building robust software and secure cloud platforms to designing data-driven solutions that accelerate business impact.


We are looking for a SOC Expert to detect, investigate, and respond to security threats across a global infrastructure. You will lead day-to-day incident response, improve detection coverage and quality, and develop SOAR automation to reduce response time and operational workload. You will also act as a key contact for user-reported security concerns and collaborate closely with Infrastructure and Operations teams to strengthen overall security posture and improve KPIs such as MTTD and MTTR.


Preferred experience

Incident Response & Case Management

Triage, investigate, and resolve security incidents within SLA.

Coordinate containment, eradication, and recovery efforts.

Handle user-reported security issues and escalate when necessary.

Maintain clear documentation in case management systems.


Detection Engineering

Develop and tune SIEM detection rules to improve coverage and reduce false positives.

Integrate new log sources and enhance monitoring visibility.

Map detections and investigations to the MITRE ATT&CK framework.

Build dashboards and reports to track SOC performance and risk.


SOAR & Automation

Design and implement automated playbooks (e.g., endpoint isolation, IP blocking, account disabling).

Integrate security tools to streamline response workflows.

SOC Tooling & Platform Operations

Maintain and optimize SIEM, SOAR, and related security platforms.

Perform updates, health checks, and configuration improvements.


Required Qualifications:

Degree in Computer Science, Cybersecurity, or related field.

5+ years of SOC experience in high-volume, SLA-driven environments.

Strong expertise in SIEM (rule creation, tuning, dashboards) and SOAR automation.

Experience in detection engineering, log analysis, and false-positive reduction.

AWS experience required; Azure is a plus.

Experience mapping detections to MITRE ATT&CK.

Scripting skills: Python, Bash, PowerShell.

Strong knowledge of networking protocols (TCP/IP, DNS, HTTP/S, SSL/TLS, firewalls).

Proficiency in Linux and Windows environments.

Experience with CI/CD and Git-based workflows.

Certifications such as CISSP, GCIA, GCIH, CEH, and/or SIEM/SOAR preferred.

Fluent in English and French.


Recruitment process:

- 30 minutes recruiter screen

- 1h role and cultural fit interview

- 1h Dive Deep interview
