PayPal Threat Detection & Response Engineer 

France, Occitania, Toulouse 

637191442

• Develop and fine-tune threat detection logic within SIEM platforms by correlating telemetry from diverse log sources to identify suspicious activity.
• Design, build, and maintain SOAR playbooks and automation workflows to streamline response and scale incident handling.
• Collaborate with product and infrastructure teams to understand application architecture and operational environments, enabling the development of context-aware detection rules.
• Conduct regular threat hunts and leverage intelligence to uncover anomalous behavior, misconfigurations, or emerging risks.
• Integrate and correlate internal and external threat intelligence to support broader detection strategies and response readiness.
• Create and maintain scalable frameworks and documentation to enable continuous contribution and improvement across the detection program.
• Engage with development and platform teams to provide proactive guidance on securing new features and infrastructure.
• Report on detection trends, effectiveness metrics, and key findings, translating technical insights into actionable recommendations for stakeholders.

• Translate threat actor TTPs (e.g., MITRE ATT&CK) into reliable, high-fidelity detections.
• Tune and maintain alerting rules across SIEM, EDR, and cloud-native tools to minimize false positives.
• Identify visibility gaps and partner with platform teams to improve data collection and normalization.
• Participate in validation exercises, including red and purple team simulations, to assess and improve detection coverage.
• Support the full lifecycle of detection development — from idea to deployment, tuning, and documentation.

• 5+ years of experience in cybersecurity, with a focus on detection engineering, threat hunting, or security automation.
• Hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar) and EDR solutions (e.g., CrowdStrike, SentinelOne).
• Proficiency in SIEM query languages like SPL or KQL.
• Strong understanding of attacker behavior, threat modeling, and adversary simulation techniques.
• Familiarity with scripting (Python, PowerShell, etc.) and automation in the context of security operations.
• Excellent collaboration and communication skills with the ability to convey complex security concepts to diverse audiences.

Travel Percent:

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .

The US national annual pay range for this role is $143,500 to $212,850

Our Benefits:

Any general requests for consideration of your skills, please