Mistral· Engineering & Infra· Paris
CyberSecurity Engineer, SOC Analyst
Classified Tasks (17)
Automate 0%Augment 65%Human-Only 35%
Augment (11)
AI assists, human decides
Treat security telemetry as the core of active defense by analyzing telemetry to drive detection and response
analytical
Build robust detection mechanisms for diverse environments
technical
Implement automated response workflows to move from alert to remediation
technical
Design high-fidelity alert scenarios and correlation rules to detect anomalous behavior
analytical
Test and continuously tune alert scenarios and correlation rules to minimize alert fatigue
operational
Operationalize Cyber Threat Intelligence (CTI) for production use
operational
Monitor the threat landscape for threats specific to AI and cloud infrastructure
analytical
Integrate actionable threat intelligence into detection pipelines
technical
Track root causes of security alerts
analytical
Identify potential lateral movement during investigations
analytical
Determine impact of security alerts and incidents
analytical
Human-Only (6)
Requires human judgment
Monitor, defend, and respond to threats across the AI ecosystem
operational
Ensure continuous security of IT, Engineering, Science, Compute, and Infrastructure environments
operational
Partner with engineering and platform teams to centralize security logs across all environments
communication
Conduct rigorous, deep-dive investigations into security alerts
analytical
Drive the lifecycle of security incidents from containment through remediation
operational
Coordinate cross-functional crisis management during high-severity events
leadership
Job description
About Mistral At Mistral AI, we believe in the power of AI to simplify tasks, save time, and enhance learning and creativity. Our technology is designed to integrate seamlessly into daily working life. We democratize AI through high-performance, optimized, open-source and cutting-edge models, products and solutions. Our comprehensive AI platform is designed to meet enterprise needs, whether on-premises or in cloud environments. Our offerings include le Chat, the AI assistant for life and work. We are a dynamic, collaborative team passionate about AI and its potential to transform society. Our diverse workforce thrives in competitive environments and is committed to driving innovation. Our teams are distributed between France, USA, UK, Germany and Singapore. We are creative, low-ego and team-spirited. Join us to be part of a pioneering company shaping the future of AI. Together, we can make a meaningful impact. See more about our culture on https://mistral.ai/careers . Role summary Mistral AI is looking for a Security Operations Center (SOC) Analyst to monitor, defend and respond to threats accros our rapidly evolving AI ecosystem You will treat security telemetry as the core of our active defense. Your objective is to ensure the continuous security of our diverses environment, spanning IT, Engineering, Science, Compute and Infrastructure by building robust detection mechanisms and moving swiftly from alert to automated response. What you will do •Partner with engineering and platform teams to ensure the comprehensive centralization of security logs across all Mistral environments. • Design, test, and continuously tune high-fidelity alert scenarios and correlation rules to detect anomalous behavior while minimizing alert fatigue. • Operationalize Cyber Threat Intelligence (CTI), monitoring the landscape for threats specific to AI and cloud infrastructure, and integrating actionable intel directly into our detection pipelines. • Conduct rigorous, deep-dive investigations into security alerts, tracking root causes, identifying potential lateral movement, and determining impact. • Drive the lifecycle of security incidents from containment to remediation, and coordinate cross-functional crisis management during high-severity events. About you • 3+ years of experience in a Security Operations Center (SOC), Incident Response, or Threat Hunting role, ideally within a cloud-native or fast-paced tech environment. • Deep understanding of the threat landscape, the MITRE ATT&CK framework, and the methodologies required to protect high-value infrastructure and intellectual property. • Strong experience writing complex queries (e.g., KQL, Splunk SPL, or similar) and leveraging SIEM platforms to build out correlation rules and detection logic. • Ability to write practical automation scripts in Python or Go to interact with security APIs, enrich alert context, and streamline response workflows. • Proven experience participating in or leading incident response efforts, demonstrating a calm, methodical approach to high-pressure crisis management.. Hiring Process • Introduction call - 30 min • Hiring Manager interview - 30 min • Technical Rounds - Deep-Dive interview - 55 min - Panel interview - 1h15 • Culture-fit discussion - 30 min • References By applying, you agree to our Applicant Privacy Policy .