Contentsquare is looking for a SOC Analyst to join our Development, Security, and Operations Team (DevSecOps). Reporting directly to a Senior Cybersecurity Engineer, you will be the first line of defense in our Security Operations Center, playing a vital role in detecting, analyzing, and responding to cyber threats across our entire global infrastructure.
Contentsquare provides a globally leading SaaS service and commits to the highest security standards for its customers. We are ISO 27001 and ISO 27701 certified and maintain robust security initiatives (SOC 2 Type 2 report, private bug bounty program, SIEM, advanced security awareness, etc.). Working alongside other cybersecurity experts, your mission will be to ensure the integrity of our products and keep our users safe by actively monitoring our environments and mitigating active threats.
Contentsquare is looking for a SOC Analyst to join our Development, Security, and Operations Team (DevSecOps). Reporting directly to a Senior Cybersecurity Engineer, you will be the first line of defense in our Security Operations Center, playing a vital role in detecting, analyzing, and responding to cyber threats across our entire global infrastructure.
Contentsquare provides a globally leading SaaS service and commits to the highest security standards for its customers. We are ISO 27001 and ISO 27701 certified and maintain robust security initiatives (SOC 2 Type 2 report, private bug bounty program, SIEM, advanced security awareness, etc.). Working alongside other cybersecurity experts, your mission will be to ensure the integrity of our products and keep our users safe by actively monitoring our environments and mitigating active threats.
Key Responsibilities
-
Alert Triage & Investigation: Monitor, triage, and investigate security alerts daily (including phishing alerts) using our central SIEM (Google SecOps). You will act as the first responder to qualify events, filter out false positives, proactively look for remediation, and collaborate with internal teams to resolve issues quickly, in addition to escalating confirmed incidents to Senior Analysts (N2/N3).
-
Multi-Source Threat Monitoring: Analyze logs and security events across our diverse, modern ecosystem, including:
-
Cloud infrastructure logs via AWS CloudTrail and Azure Activity Logs.
-
Endpoint and cloud workload telemetry via CrowdStrike (EDR + CNAPP).
-
Identity, access, and collaboration events from Okta and Google Workspace.
-
Code repository and CI/CD security alerts from GitHub.
-
Incident Response & On-Call Rotation: Participate in the investigation of security breaches. To ensure 24/7 protection of our global platform, you will take part in an on-call rotation to handle critical security incidents outside of regular business hours.
-
Playbook Optimization: Assist in continuously improving our detection capabilities by documenting your findings, updating SOC playbooks, and suggesting rule-tuning to reduce alert fatigue.
-
Vulnerability & Threat Tracking: Monitor and follow up on vulnerability resolution actions and stay informed about the latest threat landscape and common attack vectors.
-
AI/LLM Incident Augmentation: Optimize and augment incident response capabilities by leveraging AI and LLM-based agentic workflows to automate data enrichment, accelerate threat investigation, and improve response efficiency.
-
As a core operational member of the DevSecOps Team, you will be responsible for the day-to-day monitoring and initial response to security alerts. Your responsibilities include:
Desired Skills and Attributes
-
You hold a Bachelor’s or Master’s degree (Bac +5) in IT, Cybersecurity, or equivalent training.
-
You have initial experience (0 to 3 years, including internships or work-study programs) in an IT security role, ideally within a SOC.
-
Cloud & Environments: Familiar with modern cloud applications and environments. Good grasp of cloud computing architectures (AWS/Azure) and their associated security risks.
-
Security Monitoring: Basic understanding of how to query and analyze logs within a SIEM (experience with Google SecOps, or similar SIEM is a plus).
-
Endpoint Security: Familiarity with Endpoint Detection and Response (EDR) solutions and cloud native application protection platforms (CrowdStrike preferred).
-
Identity & Network Basics: Strong knowledge of web protocols, common attacks (OWASP), and identity management systems (Okta, SSO, MFA).
-
Scripting: Basic scripting skills (Python, Bash) to help automate repetitive triage tasks or data enrichment are highly appreciated.
-
Analytical & Calm: You demonstrate strong analytical skills, attention to detail, and the ability to stay calm and methodical during high-pressure security incidents.
-
Availability: You are willing and able to participate in an on-call schedule (weekends) to support our 24/7 security posture.
-
Team Player: You enjoy working collaboratively in a team while being autonomous in your daily triage tasks.
-
Fluent in English (both written and spoken). French is a strong plus.
-
In our Paris office (Headquarters), France.
Education & Experience
Technical Competencies
Soft Skills