Ledger - Security Operations Engineer
Requirements
• 1 to 3 years of experience in security operations, SOC, IT, infrastructure, or a related technical role (an outstanding cybersecurity internship or an entry-level SOC position counts). You are a talented engineer who learns quickly and is eager to take on responsibilities.
• An interest in Web3 and blockchain security is a plus (Ledger operates in the world of digital assets).
• A solid grasp of SecOps fundamentals: triage, investigation, incident response, log analysis, and documentation.
• Practical experience with a SIEM (ideally Splunk), including writing and refining queries and detection logic, and with an EDR (ideally CrowdStrike).
• A good understanding of the cloud (ideally AWS): IAM, audit logs, workloads, containers, and Kubernetes.
• The ability to automate using Python, Bash, APIs, GitHub Actions, a SOAR platform, or equivalent.
• An interest in AI applied to security, agent-based workflows, and SOC automation.
• Independence, proactivity, thoroughness, and attention to detail: you take on responsibilities, follow our processes carefully, and know when to seek support from senior colleagues.
• Ability to conduct in-depth investigations, document findings clearly, and escalate issues with the appropriate level of context; awareness of confidentiality and the proper handling of sensitive information.
• Professional-level English; Ledger operates in an international environment.
Responsibilities
Operate the SOC
• Analyze, prioritize, and investigate alerts (from Splunk, CrowdStrike, Wiz, AWS, and other sources), conducting your own investigations into incidents affecting endpoints, the cloud, identities, SaaS, workloads, and infrastructure.
• Provide clear and actionable context, determine next steps, and bring in senior engineers for the most complex cases.
• Leverage the Agentic SOC, which investigates weak signals and enriches alerts, so you can focus on the cases that matter.
Visibility & Detection
• Help integrate and maintain the log sources on which the SOC relies (cloud, endpoints, identities, SaaS, infrastructure, Kubernetes) and improve data quality.
• Write and optimize Splunk queries for your investigations, contribute to the team's detection rules and catalog, and help reduce noise and improve signal quality.
Incident Response
• Play an active role in investigations: collecting evidence, reconstructing timelines, and documenting actions taken.
• Help oversee containment, remediation, and post-incident measures by rigorously applying our processes and turning lessons learned into detections, runbooks, or automations.
Contribute to automation and our Agentic SOC
• Build and maintain automations (Torq/SOAR, GitHub Actions, scripts) that accelerate triage, enrichment, and response.
• Contribute to the continuous improvement of our internal Agentic SOC (new investigation workflows, better correlation, and tighter integration with detection and response) and document playbooks and procedures.