# Team Lead, SOC (Security Operations Center)

**Company**: Mistral AI
**Location**: Paris
**Work arrangement**: hybrid
**Experience**: senior
**Job type**: full-time
**Category**: Engineering
**Industry**: Technology
**Wikidata**: https://www.wikidata.org/wiki/Q119718658

**Apply**: https://jobs.lever.co/mistral/e0b55281-55c6-4143-9bf8-e4418c667f9f
**Canonical**: https://yubhub.co/jobs/job_3e75d44f-c7f

## Description

About this role

We are looking for a SOC (Security Operations Center) Team Lead to build and lead our SOC function end-to-end. You will own vulnerability management, alerting and detection engineering, incident response, and the security tooling/infrastructure that enable these missions. You’ll define processes, collaborate closely with Product, Infra and IT, and continuously improve detection quality and response time.

Key responsibilities

• Lead & grow the team: Manage the SOC team, shape the roadmap, delegate effectively, and mentor engineers.

• Drive operations:
    - Define vulnerability management processes and coordinate stakeholders for timely remediation.
    - Design, implement, and operate SIEM/SOAR infrastructure (ingestion, normalization, correlation, alerting, playbooks).
    - Specify logging requirements across our main stacks and centralize telemetry in the SIEM.
    - Develop and tune correlation rules and detections; manage CTI intake and operationalize intel.
    - Run continuous improvement to reduce false positives and raise signal quality.
    - Establish crisp procedures for alert triage, escalation, and incident handling & investigation.
    - Lead incident communications with stakeholders and ensure thorough documentation.

• Engineering & enablement:
    - Contribute to security tooling, automation, and integrations that speed up detection/response.
    - Produce guidance and documentation for product/infra teams; contribute to compliance in the SOC perimeter.

• Exercises & assurance:
    - Coordinate red/blue exercises, post-mortems, and targeted audits to validate coverage and resilience.

Requirements

• 8+ years of experience leading SOC/CSIRT functions, with proven leadership.

• Hands-on with SIEM (e.g., Elastic Security, Sekoia, Splunk) and SOAR platforms.

• Strong experience in vulnerability management (e.g., DefectDojo, Dependency-Track) and remediation workflows.

• Solid grasp of the cyber kill chain / attack lifecycle, detection engineering, and log source coverage.

• Excellent problem-solving and communication skills; able to operate in a fast-paced startup environment.

• Builder mindset: pragmatic, automation-oriented, comfortable with ambiguity and ownership.

Nice to have

• Scripting/automation skills (e.g., Python, Bash) for data pipelines and playbooks.

• Familiarity with modern infra/app stacks (Linux, containers, Kubernetes, cloud) and EDR/IDS/IPS.

• Exposure to compliance frameworks (ISO 27001, SOC 2) and security audits/pen-tests.

• Experience running purple team exercises and measurable detection-coverage programs.

• Comfort partnering with Product/Platform teams and influencing roadmaps.

## Skills

### Required
- SIEM
- SOAR
- vulnerability management
- remediation workflows
- cyber kill chain
- detection engineering
- log source coverage
- problem-solving
- communication skills

### Nice to have
- scripting/automation skills
- modern infra/app stacks
- EDR/IDS/IPS
- compliance frameworks
- security audits/pen-tests
- purple team exercises
