Customer Cyber Defense Engineer (M/F/X)
Requisition ID: 85548
Domain: Digital and IT/Cybersecurity
Contract type: Permanent
Schedule:
- EQUANS
Equans is a world leader in the energy and services sector, with annual revenues of nearly €19,2 billion* and almost 800,000 projects.
Equans has leading positions in Europe, which is the result of the history of energy construction in these countries, and strong presences in North and South America and in Oceania.
With nearly 90,000 highly skilled employees, Equans has a strong geographic footprint, anchored by historic local brands. Equans provides its customers with excellent technical expertise in the design, installation, maintenance, and operation of multi-technical facilities. This know-how is based on key skills. First of all, in electrical and thermal engineering – two strong points that help accelerate the reduction of our clients’ carbon footprint – but also in ventilation, refrigeration, mechanics and robotics, fire protection, energy renovation, digital solutions, IT, cyber security and telecommunications.
The combination of these areas of expertise allows us to offer efficient and optimised solutions at all stages of the energy chain, from production, storage and transport to usage.
(*) Turnover 2024 consolidated
- SOC ENGINEER
SUMMARY OF THE ROLE
The Customer Cyber Defense (CCD) team, part of SLS Cyber Customer Trust (SLS CCT), is the OneITeam organization responsible for delivering detection (SOC), vulnerability management and incident response services for Equans-owned business systems (IT/OT) that support the delivery of services to Equans customers.
Reporting to the Head of CCD, the CCD Engineer is responsible for the technical build-up, integration and run-ready implementation of the CCD tooling stack, with a strong focus on automation. The role covers the deployment and evolution of detection and vulnerability management capabilities (starting with CrowdStrike and SOAR enablement, and evolving towards SIEM/log correlation and potentially OT sensors), the industrialization of technical processes (ingestion, triage, playbooks, reporting), and the continuous improvement of operational efficiency to enable CCD scale-up with a small team.
The position requires close collaboration with Business Units, local CCT security teams, internal Cyberdefense functions, and solution providers/partners, acting as the day-to-day technical point of contact for tooling and integrations.
KEY METRICS OF THE ENVIRONMENT
- Workstations: 5000
- Servers: 4000
- Hosting: 80% of IT is managed on Azure and AWS; new Customer Landing Zones (CLZ) are to come to host business systems (projects, production, etc.). These Customer Landing Zones will be operated in Azure, AWS, GCP, and a potential sovereign European CSP.
- Teammates: 4,5 FTE in Customer Cyber Defense team (including the Head of CCD)
KEY RESPONSIBILITIES
As a key technical contributor to CCD scale-up, the CCD Engineer is responsible for delivering and industrializing the tooling and automation foundations required to operate and expand the service efficiently with a lean team.
- Tooling operations (CrowdStrike & SOAR): ensure the operational maintenance of the existing tooling stack where already deployed (CrowdStrike and SOAR), including health monitoring, upgrades, configuration management, access management, and operational readiness.
- Environment onboarding: onboard new Equans-owned business systems into the CCD tooling stack by driving the technical integration end-to-end, ensuring consistent and repeatable deployments.
- SOAR-first operations (automated SOC N1): build and continuously improve a SOAR-driven model where first-line activities are automated by design (triage, enrichment, first qualification, routing/assignment, notifications, evidence collection), by developing new playbooks and optimizing existing ones.
- Vulnerability management automation (risk-based): industrialize and automate vulnerability workflows end-to-end, including asset/context collection, enrichment with risk signals/analysis, generation of risk-based reporting, and automated communications to stakeholders.
- Technical roadmap execution (SIEM & beyond): contribute to and deliver the technical evolution of CCD capabilities over time, including preparation and implementation of SIEM onboarding, log correlation, additional telemetry sources (identities, Cloud, firewall, etc.), and (where relevant) OT visibility/sensing components.
- CLZ readiness (Customer Landing Zones): contribute to making CCD deployable by default in new CLZ (hosting for business systems) by defining technical standards and integration patterns, and ensuring alignment with evolving CLZ building blocks.
- Workflow industrialization: contribute to the lifecycle management of detection content and operational workflows (use cases, rules, playbooks), including testing, tuning, versioning and continuous optimization.
- POCs and technical assessments: propose and support requests for proposals and proof-of-concept activities for new tools/technologies.
- Operational documentation: produce and maintain technical documentation, runbooks, integration guides and architecture notes; contribute to the internal knowledge base and ensure operational handover is repeatable.
- Technical support to operations: provide technical support to analysts and stakeholders on tooling, workflows and investigations.
- Provider technical interface: act as the technical point of contact for vendors/partners for integrations, troubleshooting and updates (service governance and escalation ownership remain with the Head of CCD).
PROFILE
Academic background & Experience
- Master’s or Engineering degree in cybersecurity, computer science, Information Technology, software engineering, or a related field (or equivalent proven experience).
- 3 to 7 years of experience in a technical cybersecurity role, ideally in one (or a mix) of the following areas: SOC engineering, security tooling integration, automation, detection engineering, or security operations engineering.
- Proven hands-on experience operating and evolving security tooling in production, with a focus on reliability, maintainability and scalability (configuration management, upgrades, monitoring, troubleshooting).
- Demonstrated experience onboarding new environments to security tooling in heterogeneous contexts (Cloud, on-prem, IT/OT constraints).
- Strong experience in automation: building playbooks/workflows and automating repetitive operational tasks (triage/enrichment, routing, reporting, notifications, ticketing integration), using scripting and APIs.
- Good understanding of log/telemetry concepts and correlation principles; experience with SIEM and log pipelines is a strong advantage (or strong motivation/ability to build this capability as the service scales).
- Cloud exposure (Azure/AWS/GCP/sovereign) is a plus; interest or experience in OT constraints is a plus.
- Cybersecurity certifications are a strong advantage (SOC/IR, cloud security, automation, etc.).
Behavioral Capabilities
- Autonomous and hands-on, with a strong “get-things-done” mindset in an environment that is scaling and evolving.
- Strong rigor: reliable execution, structured troubleshooting, attention to detail, documentation reflex.
- Automation-first mentality: naturally driven to remove manual steps, standardize, and industrialize processes to operate efficiently with a lean team.
- Strong collaboration and communication skills, able to work with Business Units, local security teams, internal Cyberdefense functions and vendors/partners.
- Curious, proactive and continuously learning; comfortable assessing new tools/approaches pragmatically.
- Strong ethics and discretion.
- Comfortable working in a multicultural, distributed team.
Skills
- Understanding of SOC workflows (triage, enrichment, qualification, escalation) and operational constraints.
- Familiarity with EDR/SOAR concepts and workflows; exposure to SIEM/log management/correlation is a strong plus.
- Automation & scripting: ability to automate via APIs and scripting (e.g., Python/PowerShell), with good practices (versioning, testing, maintainability); CI/CD and “automation as code” is a plus.
- Understanding of log collection constraints, data quality, normalization, parsing, and correlation readiness.
- Documentation & operationalization: ability to produce runbooks, integration guides, technical notes, and to ensure repeatable handover.
- Fluent professional English in an international context.
- You may be required to travel within the Equans perimeter.
WHY JOIN US?
Motivational environment
Join a dynamic team of passionate professionals, actively involved in prestigious cybersecurity collaboration networks. Be part of a culture that values excellence, innovation, and mutual support.
High impact
Group CIO–sponsored initiative, regularly reported at Group Comex level: high visibility, strong impact, and direct alignment with the SLS CCT Director and the Group CISO.
Platform in the making
Help build the automation backbone that makes CCD scalable: SOAR-driven N1, playbooks, automated enrichment, and automated risk-based reporting. Your work will turn security operations into repeatable “automation building blocks” that can be rolled out consistently across environments.
Scale-up mindset
CCD is rolling out. You will help it gain speed: expand coverage, keep the platform stable, and make automation do the heavy lifting. The goal is simple: more environments protected, less manual work, every month.
Job location: 92400 Courbevoie, France
