Epi Company logotype

This website uses cookies to ensure you get the best experience.

Epi Company and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics and marketing purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, which is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor

These cookies are used to make advertising messages more relevant to you. In some cases, they also deliver additional functions on the site.

Vendors Linkedin
Skip to main content
Epi Company career site
Operations & Service Delivery · Remote-First in France, Remote-First in Germany, Remote-First in Netherlands · Fully Remote

SOC Engineer – Remote-First

We usually respond within three days

🚀 Be part of a movement to change the way Europe pays

In today’s digital world, payments often still feel outdated: random delays and confusing rules make it harder than it should be to pay and get paid. The European Payments Initiative (EPI) is here to change all that, forever.

With Wero, our digital wallet, we make sending and receiving money simple, seamless and secure across France, Belgium and Germany, with more countries and omnichannel solutions coming soon. Supported by 14 major banks and the two largest European acquirers, EPI is building a new, proudly European payment system: easy, instant and transparent, all for the greater good.

🔎 What's in it for you

We are currently looking for a SOC Engineer – Threat Hunting & Incident Response with strong technical expertise and a strategic mindset to enhance our detection and response capabilities. You will be a key member of the team, working closely with another SOC expert to triage alerts, conduct incident response based on the SANS PICERL framework, perform hypothesis-driven threat hunting and threat intelligence activities, and continuously improve our detection and automation workflows. You’ll contribute across the full SOC lifecycle - from Tier 1 to Tier 3 - and help shape our SOC strategy.

💥 Your impact

  • Act as a central point of contact for alert triage and incident identification

  • Execute incident response activities using the SANS PICERL framework

  • Conduct proactive, hypothesis-driven threat hunts based on attacker behavior and emerging threats

  • Parse and analyze logs from diverse sources (authentication, application, system, cloud telemetry, etc.)

  • Design and refine detection rules, use cases, and dashboards to identify anomalies, lateral movement, and persistent threats

  • Create and maintain custom alerts and automation workflows for auto-remediation

  • Correlate internal and external threat intelligence to support hunting and detection

  • Map attacker techniques to MITRE ATT&CK and enrich findings with context

  • Document and communicate threat findings to technical and non-technical stakeholders

  • Collaborate with engineering, SOC, IR, and IT teams to improve detection coverage and response capabilities

  • Contribute to the development and maintenance of SOC playbooks and runbooks

  • Support continuous improvement of SIEM and EDR tooling and integrations

  • Ensure visibility and detection coverage across cloud environments

  • Participate in compliance and audit activities related to incident response and detection


💻 Technology stack

  • Primary: Rapid 7, Microsoft Defender

  • Secondary: Jira, Confluence, GitHub, PagerDuty, Okta


🕵🏻‍♀️ To succeed, you should meet at least 70% of these requirements

  • +5 years of experience in cybersecurity, with strong hands-on experience as a SOC analyst or incident responder

  • Familiarity with the full SOC lifecycle (Tier 1 to Tier 3), including alert triage, incident response, threat hunting, and threat intelligence

  • Proven experience in threat hunting, detection engineering, or threat intelligence

  • Solid understanding of SIEM and EDR technologies, log parsing, and detection engineering

  • Experience with scripting and querying (e.g., Python, PowerShell, KQL, etc.) to support automation and custom alerting

  • Ability to analyze and correlate logs from diverse sources (authentication, application, system, cloud telemetry)

  • Knowledge of attacker TTPs, MITRE ATT&CK, threat exposure, and attack path analysis

  • Experience creating and maintaining playbooks and automation workflows for incident response

  • Familiarity with Microsoft Entra ID and its integration into detection and response workflows

  • Fluent in English (CEFR C1 or C2) is mandatory; proficiency in German, Dutch, French, or any additional European languages is a plus

  • Strong communication skills and the ability to present technical findings clearly to both technical and non-technical stakeholders

  • Participate in a 24/7 on-call rotation (approximately one week per month) to support incident response and operational continuity

  • Experience with Rapid7 and TaHiTI are a bonus


🪜 If this looks like you, the recruitment steps are:

  1. A first call with one of our recruiters

  2. A technical interview with our Security Expert and Team Lead

  3. An interview with our CISO and Head of Operations and Service Delivery

  4. A final interview with our COO

  5. Hopefully, an offer you can’t refuse


⛔ Turn back if …

  • You’ve worked in a SOC but only followed playbooks without understanding detection logic or threat context

  • You prefer working in isolation and aren’t comfortable collaborating closely with another SOC expert

  • You’re looking for an already highly structured environment with no ambiguity or room for initiative


Otherwise apply!


🫶 Our commitment to equal employment opportunities

EPI offers the same job opportunities to all, without distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age. EPI promotes the development of an inclusive work environment that mirrors the diversity of the clients our product is serving. 

Department
Operations & Service Delivery
Locations
Remote-First in France, Remote-First in Germany, Remote-First in Netherlands
Remote status
Fully Remote
More jobs
Operations & Service Delivery · Remote-First in France, Remote-First in Germany, Remote-First in Netherlands · Fully Remote

SOC Engineer – Remote-First

Loading application form

Already working at Epi Company?

Let’s recruit together and find your next colleague.

Applicant tracking system by Teamtailor