Internship - Security Operations (SecOps) - Cloud Attack Simulations & SOAR

  • Paris, Île-de-France, France
  • Intern

Job title: Security Operations (SecOps) — Cloud Attack Simulations & SOAR Intern

Location: Paris, France

About Ledger

We’re a team of experts pushing the limits of what’s possible, united by our common goal to unlock true freedom through digital ownership, making technology accessible for all. We believe in a world where users, creators and enterprises manage their value with ownership and freedom. Our curiosity drives us to innovate, empowering individuals on a global scale. We believe change is constant and our team moves forward as one, with a culture of problem-solving where every employee is empowered and supported to challenge tradition and create solutions. Our mission is simple: to make self-custody accessible and give people the keys to their own financial futures. If you want to make a true impact, we want you to join us at Ledger.

At Ledger, we’re proud to be the global platform for digital assets and Web3, with over 20% of the world’s crypto assets secured through our Ledger devices. With our headquarters in Paris, and offices in Vierzon, Grenoble, Montpellier, London, Portland, Geneva, Zurich and Central Singapore, we have a team of around 600 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 7.5 million units already sold in 200 countries.

The team:

In our cloud infrastructure, you transform TTP-aligned attack scenarios into operational detections and production-ready SOAR playbooks, measured by key indicators (MTTD/MTTR, false positives, remediation time) to sustainably reduce risk and MTTR.

As part of Ledger's Security Operations (SecOps) team, you will join a dedicated team responsible for protecting company assets against cyber threats across cloud, corporate, and datacenter environments. The SecOps team's core mission encompasses threat anticipation, detection, and prevention throughout Ledger's infrastructure, operating independently from the Donjon team, which handles product security.

Our technical stack: Splunk (SIEM), CrowdStrike (EDR/workload security), Wiz (CSPM), SOAR and AWS (including EKS/Kubernetes) as cloud providers.

What you’ll be doing:

  • Design cloud attack scenarios (AWS, EKS/Kubernetes).

  • Generate test events and verify detections in Splunk/Wiz/CrowdStrike (adjustments if necessary).

  • Create automation playbooks in our SOAR platform to automatically remediate and reduce MTTR.

  • Automate vulnerability management (VM) via SOAR (exposed secrets, priority CVEs, etc.) and dispatch to the responsible teams.

  • Document simply (runbooks, diagrams) and maintain a catalogue of scenarios/detections/playbooks.

  • Measure the impact of scenarios and automations: MTTD/MTTR, false positive rates, remediation time.

  • Contribute to the integration of new detection rules in the Ledger Use Case Factory.

  • Participate, as needed, in incident response and the SecOps team's detection backlog.

What we’re looking for:

  • Master’s student in cybersecurity (6-month internship agreement).

  • Basics in AWS (IAM, S3, CloudTrail) and Kubernetes/EKS (Pods, RBAC, networking fundamentals).

  • Understanding of detection & response fundamentals (SIEM/SOAR).

  • Technical English (reading/writing).

---

At Ledger, we are dedicated to continually investing in our employees which is why we offer more than just salaries; we provide comprehensive compensation packages that include a wide range of benefits.

For regionally specific benefits, your Talent Acquisition contact will be able to provide you with more information.

We’re committed to building an inclusive hiring process. If you need any adjustments or accommodations, just let us know and we’ll do our best to support you.