CyberSecurity Engineer, Incident Response Lead

About Mistral

Mistral provides full-stack AI solutions: from frontier models to developer tools, applications, and compute. We partner with enterprises tackling the hardest problems—across high-stakes industries like finance, manufacturing, defense, healthcare, and the public sector—co-creating customized AI systems that they can run on their terms.

We are a dynamic, collaborative team passionate about AI and its potential to transform society. Our diverse workforce thrives in competitive environments and is committed to driving innovation. Our teams are distributed between Europe, North America, Asia and the Middle East. We are creative, low-ego and team-spirited.

About Mistral

At Mistral AI, we believe in the power of AI to simplify tasks, save time, and enhance learning and creativity. Our technology is designed to integrate seamlessly into daily working life.

We democratize AI through high-performance, optimized, open-source and cutting-edge models, products and solutions. Our comprehensive AI platform is designed to meet enterprise needs, whether on-premises or in cloud environments. Our offerings include le Chat, the AI assistant for life and work.

We are a dynamic, collaborative team passionate about AI and its potential to transform society.

Our diverse workforce thrives in competitive environments and is committed to driving innovation. Our teams are distributed between France, USA, UK, Germany and Singapore. We are creative, low-ego and team-spirited.

Join us to be part of a pioneering company shaping the future of AI. Together, we can make a meaningful impact. See more about our culture on .

Role Summary

Mistral AI is looking for a senior Incident Response and Digital Forensics specialist to lead our incident response capability across a complex, rapidly evolving AI ecosystem.

Reporting to the SOC Lead, you will take end-to-end ownership of major security incidents, from initial investigation and containment through remediation and post-incident improvement. During critical events, you will act as the incident commander, bringing structure, sound judgment, and calm leadership to high-pressure situations.

This is a hands-on, player-coach position combining deep technical investigations with capability building. You will help define our incident response methodology, forensic tooling, runbooks, exercises, and post-mortem practices. As the organization grows, the role may also offer opportunities to build and lead a dedicated incident response team.

What You Will Do

• Own the incident response lifecycle for high-severity security events, including triage, investigation, containment, remediation, recovery, and post-incident review.

• Act as incident commander, coordinating technical teams and key stakeholders during complex security incidents.

• Build, maintain, and test incident response runbooks covering Mistral’s most important risk scenarios.

• Develop and operate forensic capabilities across cloud, containerized, on-premises, and endpoint environments.

• Preserve, collect, and analyze digital evidence using rigorous and repeatable forensic methodologies.

• Partner with SOC and Detection Engineering teams to strengthen detection-to-response workflows and improve investigative readiness.

• Design and facilitate tabletop exercises with engineering, legal, communications, and leadership stakeholders.

• Lead blameless post-mortems and ensure lessons learned translate into durable technical and organizational improvements.

• Define clear incident communication and escalation practices for both technical and non-technical stakeholders.

• Contribute to the long-term development of Mistral’s incident response function, with the potential to mentor or lead future team members.

About You

• Significant experience leading complex incident response and digital forensics investigations in cloud-native, technology, or similarly high-stakes environments.

• Demonstrated ability to take command during critical incidents and coordinate multidisciplinary teams under pressure.

• Strong knowledge of cloud and container forensics, including environments such as AWS, GCP, Kubernetes, and on-premises infrastructure.

• Hands-on experience with endpoint forensics, ideally including macOS environments.

• Strong understanding of attacker behaviors, investigation methodologies, evidence handling, and the MITRE ATT&CK framework.

• Experience building incident response runbooks, forensic workflows, tabletop exercises, and post-incident review practices.

• Ability to automate investigative or response workflows using Python, Go, or similar languages.

• Excellent written and verbal communication skills, with the ability to communicate clearly with engineers, legal teams, executives, and other stakeholders.

• A calm, methodical, and pragmatic approach, combined with a strong sense of ownership.

• Experience mentoring others or helping build an incident response capability is highly valued.

Hiring Process

• Introduction call: 30 minutes

• Hiring Manager interview: 30 minutes

• Technical panel: 60 minutes

• Culture and values discussion: 30 minutes

• Reference checks

Location: Paris, France
Working model: Hybrid
Scope: Global
Level: Senior / Staff

Location & Remote

The position is based in our Paris HQ offices and we encourage going to the office as much as we can (at least 3 days per week) to create bonds and smooth communication. Our remote policy aims to provide flexibility, improve work-life balance and increase productivity. Each manager can decide the amount of days worked remotely based on autonomy and a specific context (e.g. more flexibility can occur during summer). In any case, employees are expected to maintain regular communication with their teams and be available during core working hours.

What we offer

Competitive salary and equity package

‍⚕️ Health insurance

Transportation allowance

Sport allowance

Meal vouchers

Private pension plan

Generous parental leave policy

By applying, you agree to our Applicant Privacy Policy .

What we offer

We offer a comprehensive benefits package designed to support your well-being, growth, and work-life balance. Benefits vary by country and may include healthcare coverage, parental leave, retirement plans, relocation support, wellness programs, meal and transportation allowances, and other location-specific perks.

For the most up-to-date details on benefits available in your location, please refer to our Benefits page .

Privacy Policy

Your privacy matters to us. You can learn more about how we handle your personal data in our Applicant Privacy Policy .