Senior DFIR & Detection Engineer - Digital Forensic & Incident Response
Senior DFIR & Detection Engineer at Sekoia.io: own Elevate's DFIR methodology, design autonomous investigations, mentor a rotating analyst team, and shape next-gen security products.
Sekoia.io is on a mission to redefine the modern SOC. To accelerate this vision, we are looking for a Senior DFIR & Detection Engineer with a unique dual mindset: a passion for deep technical threat research and a desire to shape the future of cybersecurity products.
This role has two clear dimensions. First and foremost (≈80%), you are the DFIR methodology owner for Elevate, our AI-driven SOC automation module. You will translate real-world investigation tradecraft into the logic that powers our agents. Secondarily (≈20%), you stay sharp through selective involvement in active threat research within our TDR team.
Your missions:
DFIR methodology and AI agent design (80%)
- Own the investigation taxonomy and methodology that powers Elevate's autonomous capabilities
- Define what an automated investigation looks like, end-to-end, for each detection domain we cover
- Work side by side with our AI engineering team and our internal Prompt Engineer to translate investigation reasoning into testable prompts and agent workflows
- Validate agent behavior against real and replayed incidents; be the quality bar for what ships
- Lead a rotating team of 3–5 external mid-level DFIR analysts who contribute on mission, ensuring their input is captured, generalized, and free of customer-specific content
- Partner with the AI team on the evaluation harness, failure mode analysis, and feedback loops
Operational anchor through TDR (20%)
- Stay hands-on with real investigations, either on internal cases or via selective participation in TDR research projects
- Publish technical research, write blog posts, or speak at conferences - encouraged, not required
- Contribute your perspective to detection engineering decisions when methodology and detection logic intersect
📍 The position can be based in Paris, Rennes or fully remote from Europe. Professional trips paid for by the company might be required.
Your profile:
🤩 We are excited to meet you if you have:
- 5+ years of experience in DFIR, CERT/CSIRT, Threat Hunting, or advanced SOC operations.
- AI Familiarity: Comfortable leveraging and evaluating LLMs (Large Language Models) in a technical or security automation context.
- Proven experience handling complex security incidents and conducting end-to-end digital forensics.
- DFIR Mindset: Deep understanding of Windows/Linux forensics, log analysis, and incident response playbooks.
- Automation & Scripting: Professional proficiency in Python and standard development practices (Git, CI/CD).
- Detection Engineering: Interest in producing Sigma and YARA rules.
- Languages: Writing skills in English.
🍀 Bonus Points
- Cross-Platform Forensics: Forensic experience outside the Windows ecosystem (macOS, Cloud environments, Linux servers).
- Cyber Modeling: Strong familiarity with frameworks like MITRE ATT&CK, STIX, or the Cyber Kill Chain.
- Product Sensibility: Previous experience working closely with product managers, developers, or UX designers.
- Threat Intelligence & Detection Engineering: Advanced skills in reverse engineering (Ghidra, IDA), detection engineering (producing Sigma rules) or infrastructure tracking (using Censys, VirusTotal, …).
👀 Are you interested in this job but feel you haven't ticked all the boxes? Don't hesitate to apply, and tell us in the cover letter section why we absolutely must meet!
Recruitment Process:
📝 Here's what's in store for you if you apply:
- HR Interview with Clémentine, Talent Acquisition Manager (30')
- N+1 interview with Nicolas, Head of TDR, and another TDR team member (60')
- Technical interview with the TDR and T&P experts (60')
- Final Interview (N+2) with Georges, CTPO, and François, CIO (45')
Our process usually takes about 3 weeks, depending on availability, and includes reference calls. The program: discussions rather than trick questions! These discussions will help you understand how Sekoia.io works and what it stands for. But they are also (and above all) an opportunity for you to tell us about your career path and your expectations for your next job!
⭐ Sekoia.io is an equal opportunity employer for any minority, disability, gender identity or sexual orientation. We are committed to hiring and supporting diverse teams of people from all backgrounds, experiences, and perspectives.
- Department: Threat Detection & Research
- Locations: Remote International, Paris, Remote France, Rennes
- Remote status: Fully Remote
- Employment type: Contract