CyberSecurity Engineer, SOC Analyst
About Mistral
At Mistral AI, we believe in the power of AI to simplify tasks, save time, and enhance learning and creativity. Our technology is designed to integrate seamlessly into daily working life.
We democratize AI through high-performance, optimized, open-source and cutting-edge models, products and solutions. Our comprehensive AI platform is designed to meet enterprise needs, whether on-premises or in cloud environments. Our offerings include le Chat, the AI assistant for life and work.
We are a dynamic, collaborative team passionate about AI and its potential to transform society.
Our diverse workforce thrives in competitive environments and is committed to driving innovation. Our teams are distributed between France, USA, UK, Germany and Singapore. We are creative, low-ego and team-spirited.
Join us to be part of a pioneering company shaping the future of AI. Together, we can make a meaningful impact. See more about our culture on https://mistral.ai/careers.
Role summary
Mistral AI is looking for a Security Operations Center (SOC) Analyst to monitor, defend and respond to threats accros our rapidly evolving AI ecosystem
You will treat security telemetry as the core of our active defense. Your objective is to ensure the continuous security of our diverses environment, spanning IT, Engineering, Science, Compute and Infrastructure by building robust detection mechanisms and moving swiftly from alert to automated response.
What you will do
•Partner with engineering and platform teams to ensure the comprehensive centralization of security logs across all Mistral environments.
• Design, test, and continuously tune high-fidelity alert scenarios and correlation rules to detect anomalous behavior while minimizing alert fatigue.
• Operationalize Cyber Threat Intelligence (CTI), monitoring the landscape for threats specific to AI and cloud infrastructure, and integrating actionable intel directly into our detection pipelines.
• Conduct rigorous, deep-dive investigations into security alerts, tracking root causes, identifying potential lateral movement, and determining impact.
• Drive the lifecycle of security incidents from containment to remediation, and coordinate cross-functional crisis management during high-severity events.
About you
• 3+ years of experience in a Security Operations Center (SOC), Incident Response, or Threat Hunting role, ideally within a cloud-native or fast-paced tech environment.
• Deep understanding of the threat landscape, the MITRE ATT&CK framework, and the methodologies required to protect high-value infrastructure and intellectual property.
• Strong experience writing complex queries (e.g., KQL, Splunk SPL, or similar) and leveraging SIEM platforms to build out correlation rules and detection logic.
• Ability to write practical automation scripts in Python or Go to interact with security APIs, enrich alert context, and streamline response workflows.
• Proven experience participating in or leading incident response efforts, demonstrating a calm, methodical approach to high-pressure crisis management..
Hiring Process
• Introduction call - 30 min
• Hiring Manager interview - 30 min
• Technical Rounds
- Dee-Dive interview - 55 min
- Panel interview - 1h15
• Culture-fit discussion - 30 min
• References
About Mistral
At Mistral AI, we believe in the power of AI to simplify tasks, save time, and enhance learning and creativity. Our technology is designed to integrate seamlessly into daily working life.
We democratize AI through high-performance, optimized, open-source and cutting-edge models, products and solutions. Our comprehensive AI platform is designed to meet enterprise needs, whether on-premises or in cloud environments. Our offerings include le Chat, the AI assistant for life and work.
We are a dynamic, collaborative team passionate about AI and its potential to transform society.
Our diverse workforce thrives in competitive environments and is committed to driving innovation. Our teams are distributed between France, USA, UK, Germany and Singapore. We are creative, low-ego and team-spirited.
Join us to be part of a pioneering company shaping the future of AI. Together, we can make a meaningful impact. See more about our culture on https://mistral.ai/careers.
Role summary
Mistral AI is looking for a Security Operations Center (SOC) Analyst to monitor, defend and respond to threats accros our rapidly evolving AI ecosystem
You will treat security telemetry as the core of our active defense. Your objective is to ensure the continuous security of our diverses environment, spanning IT, Engineering, Science, Compute and Infrastructure by building robust detection mechanisms and moving swiftly from alert to automated response.
What you will do
•Partner with engineering and platform teams to ensure the comprehensive centralization of security logs across all Mistral environments.
• Design, test, and continuously tune high-fidelity alert scenarios and correlation rules to detect anomalous behavior while minimizing alert fatigue.
• Operationalize Cyber Threat Intelligence (CTI), monitoring the landscape for threats specific to AI and cloud infrastructure, and integrating actionable intel directly into our detection pipelines.
• Conduct rigorous, deep-dive investigations into security alerts, tracking root causes, identifying potential lateral movement, and determining impact.
• Drive the lifecycle of security incidents from containment to remediation, and coordinate cross-functional crisis management during high-severity events.
About you
• 3+ years of experience in a Security Operations Center (SOC), Incident Response, or Threat Hunting role, ideally within a cloud-native or fast-paced tech environment.
• Deep understanding of the threat landscape, the MITRE ATT&CK framework, and the methodologies required to protect high-value infrastructure and intellectual property.
• Strong experience writing complex queries (e.g., KQL, Splunk SPL, or similar) and leveraging SIEM platforms to build out correlation rules and detection logic.
• Ability to write practical automation scripts in Python or Go to interact with security APIs, enrich alert context, and streamline response workflows.
• Proven experience participating in or leading incident response efforts, demonstrating a calm, methodical approach to high-pressure crisis management..
Hiring Process
• Introduction call - 30 min
• Hiring Manager interview - 30 min
• Technical Rounds
- Dee-Dive interview - 55 min
- Panel interview - 1h15
• Culture-fit discussion - 30 min
• References
Location & Remote
The position is based in our Paris HQ offices and we encourage going to the office as much as we can (at least 3 days per week) to create bonds and smooth communication. Our remote policy aims to provide flexibility, improve work-life balance and increase productivity. Each manager can decide the amount of days worked remotely based on autonomy and a specific context (e.g. more flexibility can occur during summer). In any case, employees are expected to maintain regular communication with their teams and be available during core working hours.
What we offer
💰 Competitive salary and equity package
🧑⚕️ Health insurance
🚴 Transportation allowance
🥎 Sport allowance
🥕 Meal vouchers
💰 Private pension plan
🍼 Generous parental leave policy