MISSION:
Ensure EMG’s digital assets, cloud platforms, applications, infrastructure, APIs, and data ecosystems are continuously monitored, protected, and defended against cyber threats.
The SOC Engineer is responsible for:
- Building and tuning security detections
- Operating EMG’s SIEM/SOAR platforms (Splunk, cloud-native tools)
- Handling cyber investigations and forensics activities
- Enhancing visibility across cloud, on-prem, and application layers
- Supporting threat hunting, response, and vulnerability remediation
- Ensuring alignment with EMG security policies, CISO directives, and regulatory obligations
This role is essential for maintaining EMG’s cybersecurity resilience in a hybrid and modernized technology landscape.
MAIN RESPONSABILITIES:
1. Security Monitoring & Detection Engineering
- Develop and maintain detection rules, dashboards, alerts, correlation logic, and analytics within:
- Splunk (SIEM)
- SOAR (such as n8n)
- cloud-native SIEM/SOC tools
- endpoint detection tools (EDR/XDR)
- identity logs
- Build detections and emerging threat patterns.
- Configure, monitor and troubleshoot security infrastructure devices and services such as EDR, DLP or CASB
- Identify opportunities for, and promote automation and new technical solutions and security tools to help mitigate security vulnerabilities and improve efficiency
2. Incident Investigation & Threat Response
- Perform L3 investigation of security alerts, including:
- anomalous authentication events
- suspicious network activities
- endpoint compromises
- cloud misconfigurations
- API misuse or credential abuse
- Execute containment and remediation actions in collaboration with cybersecurity teams, IT Ops and Engineering teams
- Produce clear incident reports and contribute to RCA and continuous improvement.
- Establishing disaster recovery procedures and conducting breach of security drills.
3. Threat Hunting
- Conduct proactive threat hunts using:
- log patterns
- anomalous behavior detection
- threat intel feeds
- historical investigations
- cloud & API-specific threat vectors
- Identify gaps in security visibility and propose instrumentation improvements.
4. Security Logging & Observability Integration
- Ensure complete and reliable logging coverage across:
- Cybersecurity tools (EDR, DLP, etc.)
- APIs
- cloud workloads
- network traffic
- databases
- CI/CD systems (GitLab)
- Work with Observability teams to ensure correlated visibility (Dynatrace + Splunk).
5. Vulnerability & Attack Surface Support
- Support vulnerability management by correlating findings with real activity logs.
- Validate remediation and track exploitation attempts related to EMG systems.
- Assist IT Ops and Engineering teams to prioritize and mitigate vulnerabilities.
6. Cyber Security Controls Validation
- Validate enforcement of cybersecurity standards (E.g., Zero Trust, MFA, encryption, identity governance).
- Test security controls effectiveness through simulations or red-team collaboration.
7. Documentation, Playbooks & Knowledge Sharing
- Maintain SOC runbooks, response playbooks, detection documentation, and forensic procedures.
- Identify and communicate current and emerging security threats
8. Collaboration Across IT & Business
- CISO (governance, escalation, risk alignment)
- Cybersecurity Architecture Manager
- IAM teams
- Cloud & Production Services
- Network & Infrastructure Ops
- Domain Engineering Teams
- Ensure consistent communication and coordination during incidents and monitoring activities.
IDEAL EXPERIENCE:
- 3-8 years in SOC, security operations, detection engineering, incident response, or cyber defense roles.
- Hands-on experience with Splunk SIEM, SOAR tools, EDR/XDR, and cloud logging.
- Understanding of cloud security (AWS/GCP), API security, microservices architecture.
SKILLS & COMPETENCIES:
- Strong log analysis, correlation, and detection engineering ability.
- Understanding of attacker techniques, threat vectors, malware behavior, identity attacks.
- Ability to operate during high-pressure security incidents.
- Knowledge of IAM flows, network security, and container security.
OTHER PERSONAL CHARACTERISTICS:
- Analytical, methodical, and rigorous.
- Calm under pressure; reliable during crises.
- Highly ethical and trustworthy.
- Curious and proactive in threat intelligence and detection improvement.
- Risk-oriented: ability to detect, assess risks, and propose realistic solutions
- Business-focused: ability to understand business priorities
Europcar Mobility Group
Europcar Mobility Group is a global mobility player, with 75 years of mobility services expertise and a leading position in Europe. “We help to change the way you move” is what we stand for and brings us together.
We offer to individuals and businesses a wide range of car and van rental services, be it for a few hours, a few days, a week, a month or more, on-demand or on subscription, relying on a fleet of more than 250.000 vehicles, equipped with the latest engines including an increasing share of electric vehicles.
Our brands address differentiated needs, use cases and expectations: Europcar® - a global leader of car rental and light commercial vehicle rental, with a premium positioning, Goldcar® - a frontrunner at providing low-cost car rental services in Europe, and Fox-Rent-A-Car®, one of the main players in the car rental market in the US, with a "value for money" positioning.
Customers’ satisfaction is at the heart of the Group’s ambition and that of our more than 8,000 employees, everywhere we deliver our mobility solutions, thanks to a strong network in over 130 countries.
More info at: www.europcar-mobility-group.com
