Security Operations Center Expert

Freelance
Paris
A few days at home
Salary: Not specified

Lenstra

The position

Job description

Lenstra was founded by passionate computer science engineers with a proven track record of delivering high-quality solutions. By combining technical excellence with a strong vision, we support top-tier clients across industries such as Banking & Insurance, Luxury, and Technology.

Our expertise is structured around four core pillars: Software Development, DevSecOps, Data & AI, and Product. Through a holistic understanding of our clients’ environments, we help them address their most complex challenges—from building robust software and secure cloud platforms to designing data-driven solutions that accelerate business impact.

We are looking for a SOC Expert to detect, investigate, and respond to security threats across a global infrastructure. You will lead day-to-day incident response, improve detection coverage and quality, and develop SOAR automation to reduce response time and operational workload. You will also act as a key contact for user-reported security concerns and collaborate closely with Infrastructure and Operations teams to strengthen overall security posture and improve KPIs such as MTTD and MTTR.


Preferred experience

Incident Response & Case Management

  • Triage, investigate, and resolve security incidents within SLA.

  • Coordinate containment, eradication, and recovery efforts.

  • Handle user-reported security issues and escalate when necessary.

  • Maintain clear documentation in case management systems.

Detection Engineering

  • Develop and tune SIEM detection rules to improve coverage and reduce false positives.

  • Integrate new log sources and enhance monitoring visibility.

  • Map detections and investigations to the MITRE ATT&CK framework.

  • Build dashboards and reports to track SOC performance and risk.

SOAR & Automation

  • Design and implement automated playbooks (e.g., endpoint isolation, IP blocking, account disabling).

  • Integrate security tools to streamline response workflows.

SOC Tooling & Platform Operations

  • Maintain and optimize SIEM, SOAR, and related security platforms.

  • Perform updates, health checks, and configuration improvements.

Required Qualifications:

  • Degree in Computer Science, Cybersecurity, or related field.

  • 5+ years of SOC experience in high-volume, SLA-driven environments.

  • Strong expertise in SIEM (rule creation, tuning, dashboards) and SOAR automation.

  • Experience in detection engineering, log analysis, and false-positive reduction.

  • AWS experience required; Azure is a plus.

  • Experience mapping detections to MITRE ATT&CK.

  • Scripting skills: Python, Bash, PowerShell.

  • Strong knowledge of networking protocols (TCP/IP, DNS, HTTP/S, SSL/TLS, firewalls).

  • Proficiency in Linux and Windows environments.

  • Experience with CI/CD and Git-based workflows.

  • Certifications such as CISSP, GCIA, GCIH, CEH, and/or SIEM/SOAR preferred.

  • Fluent in English and French.



Recruitment process

  • 30-minute recruiter screen

  • 1h role and cultural fit interview

  • 1h Dive Deep interview
