SOC Engineer

Job Description

MISSION:
Ensure EMGs digital assets cloud platforms applications infrastructure APIs and data ecosystems are continuously monitored protected and defended against cyber threats.

The SOC Engineer is responsible for:

• Building and tuning security detections
• Operating EMGs SIEM/SOAR platforms (Splunk cloud-native tools)
• Handling cyber investigations and forensics activities
• Enhancing visibility across cloud on-prem and application layers
• Supporting threat hunting response and vulnerability remediation
• Ensuring alignment with EMG security policies CISO directives and regulatory obligations

This role is essential for maintaining EMGs cybersecurity resilience in a hybrid and modernized technology landscape.

MAIN RESPONSABILITIES:

1. Security Monitoring & Detection Engineering
Develop and maintain detection rules dashboards alerts correlation logic and analytics within:

• Splunk (SIEM)
• SOAR (such as n8n)
• cloud-native SIEM/SOC tools
• endpoint detection tools (EDR/XDR)
• identity logs

Build detections and emerging threat patterns.
Configure monitor and troubleshoot security infrastructure devices and services such as EDR DLP or CASB
Identify opportunities for and promote automation and new technical solutions and security tools to help mitigate security vulnerabilities and improve efficiency

2. Incident Investigation & Threat Response
Perform L3 investigation of security alerts including:

• anomalous authentication events
• suspicious network activities
• endpoint compromises
• cloud misconfigurations
• API misuse or credential abuse

Execute containment and remediation actions in collaboration with cybersecurity teams IT Ops and Engineering teams
Produce clear incident reports and contribute to RCA and continuous improvement.
Establishing disaster recovery procedures and conducting breach of security drills.

3. Threat Hunting
Conduct proactive threat hunts using:

• log patterns
• anomalous behavior detection
• threat intel feeds
• historical investigations
• cloud & API-specific threat vectors

Identify gaps in security visibility and propose instrumentation improvements.

4. Security Logging & Observability Integration
Ensure complete and reliable logging coverage across:

• Cybersecurity tools (EDR DLP etc.)
• APIs
• cloud workloads
• network traffic
• databases
• CI/CD systems (GitLab)

Work with Observability teams to ensure correlated visibility (Dynatrace Splunk).

5. Vulnerability & Attack Surface Support
Support vulnerability management by correlating findings with real activity logs.

Validate remediation and track exploitation attempts related to EMG systems.
Assist IT Ops and Engineering teams to prioritize and mitigate vulnerabilities.

6. Cyber Security Controls Validation
Validate enforcement of cybersecurity standards (E.g. Zero Trust MFA encryption identity governance).
Test security controls effectiveness through simulations or red-team collaboration.

7. Documentation Playbooks & Knowledge Sharing
Maintain SOC runbooks response playbooks detection documentation and forensic procedures.
Identify and communicate current and emerging security threats

8. Collaboration Across IT & Business
Work closely with:

• CISO (governance escalation risk alignment)
• Cybersecurity Architecture Manager
• IAM teams
• Cloud & Production Services
• Network & Infrastructure Ops
• Domain Engineering Teams

Ensure consistent communication and coordination during incidents and monitoring activities.

IDEAL EXPERIENCE:

• 3-8 years in SOC security operations detection engineering incident response or cyber defense roles.
• Hands-on experience with Splunk SIEM SOAR tools EDR/XDR and cloud logging.
• Understanding of cloud security (AWS/GCP) API security microservices architecture.

SKILLS & COMPETENCIES:

• Strong log analysis correlation and detection engineering ability.
• Understanding of attacker techniques threat vectors malware behavior identity attacks.
• Ability to operate during high-pressure security incidents.
• Knowledge of IAM flows network security and container security.

OTHER PERSONAL CHARACTERISTICS:

• Analytical methodical and rigorous.
• Calm under pressure; reliable during crises.
• Highly ethical and trustworthy.
• Curious and proactive in threat intelligence and detection improvement.
• Risk-oriented: ability to detect assess risks and propose realistic solutions
• Business-focused: ability to understand business priorities

Europcar Mobility Group

Europcar Mobility Group is a global mobility player with 75 years of mobility services expertise and a leading position in Europe. We help to change the way you move is what we stand for and brings us together.

We offer to individuals and businesses a wide range of car and van rental services be it for a few hours a few days a week a month or more on-demand or on subscription relying on a fleet of more than 250.000 vehicles equipped with the latest engines including an increasing share of electric vehicles.

Our brands address differentiated needs use cases and expectations: Europcar - a global leader of car rental and light commercial vehicle rental with a premium positioning Goldcar - a frontrunner at providing low-cost car rental services in Europe and Fox-Rent-A-Car one of the main players in the car rental market in the US with a value for money positioning.

Customers satisfaction is at the heart of the Groups ambition and that of our more than 8000 employees everywhere we deliver our mobility solutions thanks to a strong network in over 130 countries.

More info at: