Join us to be part of a pioneering company shaping the future of AI. Together, we can make a meaningful impact. See more about our culture on https://mistral.ai/careers.

Role Summary

Mistral AI is looking for a senior Incident Response and Digital Forensics specialist to lead our incident response capability across a complex, rapidly evolving AI ecosystem.

Reporting to the SOC Lead, you will take end-to-end ownership of major security incidents, from initial investigation and containment through remediation and post-incident improvement. During critical events, you will act as the incident commander, bringing structure, sound judgment, and calm leadership to high-pressure situations.

This is a hands-on, player-coach position combining deep technical investigations with capability building. You will help define our incident response methodology, forensic tooling, runbooks, exercises, and post-mortem practices. As the organization grows, the role may also offer opportunities to build and lead a dedicated incident response team.

What You Will Do

• Own the incident response lifecycle for high-severity security events, including triage, investigation, containment, remediation, recovery, and post-incident review.
• Act as incident commander, coordinating technical teams and key stakeholders during complex security incidents.
• Build, maintain, and test incident response runbooks covering Mistral’s most important risk scenarios.
• Develop and operate forensic capabilities across cloud, containerized, on-premises, and endpoint environments.
• Preserve, collect, and analyze digital evidence using rigorous and repeatable forensic methodologies.
• Partner with SOC and Detection Engineering teams to strengthen detection-to-response workflows and improve investigative readiness.
• Design and facilitate tabletop exercises with engineering, legal, communications, and leadership stakeholders.
• Lead blameless post-mortems and ensure lessons learned translate into durable technical and organizational improvements.
• Define clear incident communication and escalation practices for both technical and non-technical stakeholders.
• Contribute to the long-term development of Mistral’s incident response function, with the potential to mentor or lead future team members.

About You

• Significant experience leading complex incident response and digital forensics investigations in cloud-native, technology, or similarly high-stakes environments.
• Demonstrated ability to take command during critical incidents and coordinate multidisciplinary teams under pressure.
• Strong knowledge of cloud and container forensics, including environments such as AWS, GCP, Kubernetes, and on-premises infrastructure.
• Hands-on experience with endpoint forensics, ideally including macOS environments.
• Strong understanding of attacker behaviors, investigation methodologies, evidence handling, and the MITRE ATT&CK framework.
• Experience building incident response runbooks, forensic workflows, tabletop exercises, and post-incident review practices.
• Ability to automate investigative or response workflows using Python, Go, or similar languages.
• Excellent written and verbal communication skills, with the ability to communicate clearly with engineers, legal teams, executives, and other stakeholders.
• A calm, methodical, and pragmatic approach, combined with a strong sense of ownership.
• Experience mentoring others or helping build an incident response capability is highly valued.

Hiring Process

• Introduction call: 30 minutes
• Hiring Manager interview: 30 minutes
• Technical panel: 60 minutes
• Culture and values discussion: 30 minutes
• Reference checks

Location: Paris, France
Working model: Hybrid
Scope: Global
Level: Senior / Staff

The position is based in our Paris HQ offices and we encourage going to the office as much as we can (at least 3 days per week) to create bonds and smooth communication. Our remote policy aims to provide flexibility, improve work-life balance and increase productivity. Each manager can decide the amount of days worked remotely based on autonomy and a specific context (e.g. more flexibility can occur during summer). In any case, employees are expected to maintain regular communication with their teams and be available during core working hours.

💰 Competitive salary and equity package

🧑‍⚕️ Health insurance

🚴 Transportation allowance

🥎 Sport allowance

🥕 Meal vouchers

💰 Private pension plan

🍼 Generous parental leave policy