Customer Cyber Defense Engineer (M/F/X)
Job:
Digital and IT / Cybersecurity
<ol> <li><span><span>EQUANS</span></span><span> </span></li> </ol> <p><span> </span></p> <p><span><span>Equans is a world leader in the energy and services sector, with annual revenues of<span> </span></span><span>nearly €19,2 billion</span><span>* and almost 800,000 projects.</span></span><span> </span></p> <p><span> </span></p> <p><span><span>Equans has leading positions in Europe, which is the result of the history of energy construction in these countries, and strong presences in North and South America and in Oceania.</span></span><span> </span></p> <p><span><span>With<span> </span></span><span>nearly 90,000</span><span><span> </span>highly skilled employees, Equans has a strong geographic footprint, anchored by historic local brands. Equans provides its customers with excellent technical<span> </span></span><span>expertise</span><span><span> </span>in the design, installation,<span> </span></span><span>maintenance,</span><span><span> </span>and operation of multi-technical facilities. This<span> </span></span><span>know-how</span><span><span> </span>is based on key skills.<span> </span></span><span>First of all</span><span>, in electrical and thermal engineering - two strong points that help accelerate the reduction of our clients' carbon footprint - but also in </span></span><a href="https://www.equans.com/expertises/hvac" target="_blank"><span><span>ventilation</span></span></a><span><span>, </span></span><a href="https://www.equans.com/expertises/cooling-fire-protection" target="_blank"><span><span>refrigeration</span></span></a><span><span>, </span></span><a href="https://www.equans.com/expertises/mechanical-robotics" target="_blank"><span><span>mechanics and robotics</span></span></a><span><span>, </span></span><a href="https://www.equans.com/expertises/cooling-fire-protection" target="_blank"><span><span>fire protection</span></span></a><span><span>, energy renovation,</span></span><a href="https://www.equans.com/expertises/digital-ict" target="_blank"><span><span> digital solutions</span></span></a><span><span>, </span></span><a href="https://www.equans.com/expertises/digital-ict" target="_blank"><span><span>IT, cyber security and telecommunications</span></span></a><span><span>.</span></span><span> </span></p> <p><span> </span></p> <p><span><span>The combination of<span> </span></span><span>thes</span><span><span> </span></span><span>expertises</span><span><span> </span>allows us to offer efficient and<span> </span></span><span>optimised</span><span><span> </span>solutions at all stages of the energy chain, from production,<span> </span></span><span>storage</span><span><span> </span>and transport to usage.</span></span><span> </span></p> <p><span> </span></p> <p><em><span><span>(*) Turnover 2024<span> </span></span><span>consolidated</span></span></em><span> </span></p> <p><span> </span></p> <p><span> </span></p> <ol> <li><span><span>S</span><span>OC<span> </span></span><span>ENGINEER</span></span><span> </span></li> </ol> <p><span> </span></p> <p><span><span>SUMMARY OF THE ROLE</span></span><span> </span></p> <p><span> </span></p> <p><span><span>Customer Cyber Defense (CCD) team, part of<span> </span></span></span><span><span>SLS Cyber Customer Trust</span></span><span><span><span> </span>(SLS CCT), is the<span> </span></span><span>OneITeam</span><span><span> </span>organization responsible for delivering detection (SOC)</span><span>,<span> </span></span><span>vulnerability management<span> </span></span><span>and incident response<span> </span></span><span>services for Equans-owned business systems (IT/OT) that support the delivery of services to Equans customers.</span></span><span> </span></p> <p><span> </span></p> <p><span><span>Reporting to the Head of CCD, the CCD Engineer<span> </span></span><span>is responsible for</span><span><span> </span>the technical build-up,<span> </span></span><span>integration</span><span><span> </span>and run-ready implementation of the CCD tooling stack, with a strong focus on automation. The role covers the deployment and evolution of detection and vulnerability management capabilities (starting with CrowdStrike and SOAR enablement, and evolving towards SIEM/log correlation and potentially OT sensors), the industrialization of technical processes (ingestion, triage, playbooks, reporting), and the continuous improvement of operational efficiency to enable CCD scale-up with a small team.</span></span><span> </span></p> <p><span> </span></p> <p><span><span>The position requires close collaboration with Business Units, local CCT security teams, internal<span> </span></span><span>C</span><span>yberdefense</span><span><span> </span>functions, and solution providers/partners, acting as the day-to-day technical point of contact for tooling and integrations.</span></span><span> </span></p> <p><span> </span></p> <p><span><span>KEY METRICS OF THE ENVIRONMENT</span></span><span> </span></p> <p><span> </span></p> <ul> <li><strong><span><span>Workstations:<span> </span></span></span></strong><span><span>5000</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>Servers:<span> </span></span></span></strong><span><span>4000</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>Hosting:<span> </span></span></span></strong><span><span>80% of the IT<span> </span></span><span>are</span><span><span> </span>managed on Azure and AWS</span><span>, new Customer Landing Zones (CLZ) to come to host business systems (projects, production, etc.). These Customer Landing Zones will be<span> </span></span><span>operated</span><span><span> </span>in Azure, AWS, GCP, and potential sovereign European CSP.</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>Teammates:<span> </span></span></span></strong><span><span>4,5 FTE in Customer Cyber Defense team (including the Head of CCD)</span></span><span> </span></li> </ul> <p><span> </span></p> <p><span><span>KEY RESPONSIBILITIES</span></span><span> </span></p> <p><span> </span></p> <p><span><span>As a key technical contributor to CCD scale-up, the CCD Engineer<span> </span></span><span>is responsible for</span><span><span> </span>delivering and industrializing the tooling and automation foundations<span> </span></span><span>required</span><span><span> </span>to<span> </span></span><span>operate</span><span><span> </span>and expand the service efficiently with a lean team.</span></span><span> </span></p> <ul> <li><strong><span><span>Tooling operations</span></span></strong><span><span><span> </span>(CrowdStrike & SOAR): ensure the operational maintenance of the existing tooling stack where already deployed (CrowdStrike and SOAR), including health monitoring, upgrades, configuration management, access management, and operational readiness.</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>Environment onboarding</span></span></strong><span><span>: onboard new Equans-owned<span> </span></span><span>b</span><span>usiness<span> </span></span><span>systems</span><span><span> </span>into the CCD tooling stack by driving the technical integration end-to-end, ensuring consistent and repeatable deployments.</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>SOAR-first operations</span></span></strong><span><span><span> </span>(automated<span> </span></span><span>SOC<span> </span></span><span>N1): build and continuously improve a SOAR-driven model where first-line activities are automated by design (triage, enrichment, first qualification, routing/assignment, notifications, evidence collection), by developing new playbooks and<span> </span></span><span>optimizing</span><span><span> </span>existing ones.</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>Vulnerability management automation</span></span></strong><span><span><span> </span>(risk-based): industrialize and automate vulnerability workflows end-to-end, including asset/context collection</span><span><span> </span></span><span>enrichment with risk signals</span><span>/analysis</span><span>, generation of risk-based reporting, automated communications to stakeholders</span><span>.</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>Technical roadmap execution</span></span></strong><span><span><span> </span>(SIEM & beyond): contribute to and deliver the technical evolution of CCD capabilities over time, including preparation and implementation of SIEM onboarding, log correlation,<span> </span></span><span>additional</span><span><span> </span>telemetry sources</span><span><span> </span>(</span><span>identities</span><span>,</span><span><span> </span></span><span>Cloud</span><span>,</span><span><span> </span></span><span>firewall</span><span>,</span><span><span> </span>etc.)</span><span>, and (where relevant) OT visibility/sensing components.</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>CLZ readiness (Customer Landing Zones)</span></span></strong><span><span>: contribute to making CCD deployable by default in new CLZ<span> </span></span><span>(</span><span>hosting for</span><span><span> </span>business systems)<span> </span></span><span>by defining technical standards and integration<span> </span></span><span>patterns, and</span><span><span> </span>ensuring alignment with evolving CLZ building blocks.</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>W</span><span>orkflow industrialization</span></span></strong><span><span>: contribute to the lifecycle management of detection content and operational workflows (use cases, rules, playbooks), including testing, tuning,<span> </span></span><span>versioning</span><span><span> </span>and continuous optimization.</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>POCs and technical assessments</span></span></strong><span><span>: propose and support<span> </span></span><span>request</span><span><span> </span>for proposals and<span> </span></span><span>proof-of-concept activities for new tools/technologies.</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>Operational documentation</span></span></strong><span><span>: produce and<span> </span></span><span>maintain</span><span><span> </span>technical documentation, runbooks, integration<span> </span></span><span>guides</span><span><span> </span>and architecture notes; contribute to the internal knowledge base and ensure operational handover is repeatable.</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>Technical support to operations</span></span></strong><span><span>: provide technical support to analysts and stakeholders on tooling,<span> </span></span><span>workflows</span><span><span> </span>and investigations.</span></span><span> </span></li> </ul> <ul> <li><strong><span><span>Provider technical interface</span></span></strong><span><span>: act as the technical point of contact for vendors/partners for integrations, troubleshooting and<span> </span></span><span>updates</span><span><span> </span>(service governance and escalation ownership remain with the Head of CCD).</span></span><span> </span></li> </ul> <p><span> </span></p> <p><span> </span></p> <p><span><span>PROFILE </span></span><span> </span></p> <p><span> </span></p> <p><span><span>Academic background & Experience </span></span><span> </span></p> <ul> <li><span><span>Master’s<span> </span></span><span>or Engineering<span> </span></span><span>degree in<span> </span></span><span>cybersecurity, c</span><span>omputer<span> </span></span><span>s</span><span>cience, Information Technology,<span> </span></span><span>s</span><span>oftware<span> </span></span><span>e</span><span>ngineering, or a related field (or equivalent proven experience).</span></span><span> </span></li> </ul> <ul> <li><span><span>3 to<span> </span></span><span>7</span><span><span> </span>years of experience in a technical cybersecurity role, ideally in one (or a mix) of the following areas: SOC engineering, security tooling integration, automation, detection engineering, or security operations engineering.</span></span><span> </span></li> </ul> <ul> <li><span><span>Proven hands-on experience<span> </span></span><span>operating</span><span><span> </span>and evolving security tooling in production, with a focus on reliability,<span> </span></span><span>maintainability</span><span><span> </span>and scalability (configuration management, upgrades, monitoring, troubleshooting).</span></span><span> </span></li> </ul> <ul> <li><span><span>Demonstrated experience onboarding new environments to security tooling in heterogeneous contexts (</span><span>C</span><span>loud, on-prem, IT/OT constraints).</span></span><span> </span></li> </ul> <ul> <li><span><span>Strong experience in automation: building playbooks/workflows and automating repetitive operational tasks (triage/enrichment, routing, reporting, notifications, ticketing integration), using scripting and APIs.</span></span><span> </span></li> </ul> <ul> <li><span><span>Good</span><span><span> </span>understanding of log/telemetry concepts and correlation principles; experience with SIEM and log pipelines is a strong advantage (or strong motivation/ability to build this capability as the service scales).</span></span><span> </span></li> </ul> <ul> <li><span><span>Cloud exposure (Azure/AWS</span><span>/GCP/sovereign</span><span>) is a plus; interest or experience in OT</span><span><span> </span></span><span>constraints</span><span><span> </span></span><span>is a plus.</span></span><span> </span></li> </ul> <ul> <li><span><span>Cybersecurity certifications are a strong advantage (SOC/IR, cloud security, automation, etc.).</span></span><span> </span></li> </ul> <p><span> </span></p> <p><span><span>Behavioral Capabilities</span></span><span> </span></p> <ul> <li><span><span>Autonomous and hands-on, with a strong “get-things-done” mindset in an environment that is scaling and evolving.</span></span><span> </span></li> </ul> <ul> <li><span><span>Strong rigor: reliable execution, structured troubleshooting, attention to detail, documentation reflex.</span></span><span> </span></li> </ul> <ul> <li><span><span>Automation-first mentality: naturally driven to remove manual steps, standardize, and industrialize processes to<span> </span></span><span>operate</span><span><span> </span>efficiently with a lean team.</span></span><span> </span></li> </ul> <ul> <li><span><span>Strong collaboration and communication skills, able to work with Business Units, local security teams, internal<span> </span></span><span>Cyberdefense</span><span><span> </span>functions and vendors/partners.</span></span><span> </span></li> </ul> <ul> <li><span><span>Curious,<span> </span></span><span>proactive</span><span><span> </span>and<span> </span></span><span>continuously</span><span><span> </span>learning; comfortable assessing new tools/approaches pragmatically.</span></span><span> </span></li> </ul> <ul> <li><span><span>Strong ethics and discretion.</span></span><span> </span></li> </ul> <ul> <li><span><span>Comfortable working in a multicultural, distributed team.</span></span><span> </span></li> </ul> <p><span> </span></p> <p><span><span>Skills</span></span><span> </span></p> <ul> <li><span><span>U</span><span>nderstanding of</span><span><span> </span>SOC workflows (triage, enrichment, qualification, escalation) and operational constraints.</span></span><span> </span></li> </ul> <ul> <li><span><span>Familiarity</span><span><span> </span>with EDR/SOAR concepts and workflows; exposure to SIEM/log management/correlation is a strong plus.</span></span><span> </span></li> </ul> <ul> <li><span><span>Automation & scripting:<span> </span></span><span>ability</span><span><span> </span>to automate via APIs and scripting (e.g., Python/PowerShell), with good practices (versioning, testing, maintainability); CI/CD and “automation as code” is a plus.</span></span><span> </span></li> </ul> <ul> <li><span><span>U</span><span>nderstanding of</span><span><span> </span>log collection constraints, data quality, normalization, parsing, and<span> </span></span><span>correlation</span><span><span> </span>readiness.</span></span><span> </span></li> </ul> <ul> <li><span><span>Documentation & operationalization: ability to produce runbooks, integration guides, technical notes, and to ensure repeatable handover.</span></span><span> </span></li> </ul> <ul> <li><span><span>Fluent professional English in an international context.</span></span><span> </span></li> </ul> <ul> <li><span><span>You may<span> </span></span><span>be required</span><span><span> </span>to travel within the Equans perimeter. </span></span><span> </span></li> </ul> <p><span> </span></p> <p><span><span>WHY JOIN US?</span></span><span> </span></p> <p><strong><span><span>Motivational<span> </span></span><span>e</span><span>nvironment</span></span></strong><span> </span></p> <p><span><span>Join a dynamic team of passionate professionals, actively involved in prestigious cybersecurity collaboration networks. Be part of a culture that values excellence, innovation, and mutual support.</span></span><span> </span></p> <p><strong><span><span>High<span> </span></span><span>i</span><span>mpact</span></span></strong><span> </span></p> <p><span><span>Group CIO–sponsored initiative, regularly reported at Group Comex level: high visibility, strong impact, and direct alignment with the SLS CCT Director and the Group CISO.</span></span><span> </span></p> <p><strong><span><span>Platform in the making</span></span></strong><span> </span></p> <p><span><span>Help build the automation backbone that makes CCD scalable: SOAR-driven N1, playbooks, automated enrichment, and automated risk-based reporting. Your work will turn security operations into repeatable “automation building blocks” that can be rolled out consistently across environments.</span></span><span> </span></p> <p><strong><span><span>Scale-up mindset</span></span></strong><span> </span></p> <p><span><span>CCD is rolling out. You</span><span><span> </span>wi</span><span>ll help it gain speed: expand coverage, keep the platform stable, and make automation do the heavy lifting. The goal is simple</span><span>:<span> </span></span><span>more environments protected, less manual work, every month.</span></span><span> </span></p>