Senior Security Engineer SDLC

We are dedicated to democratizing access to and improving the security of digital assets worldwide. Founded in 2014, our company serves as the leading platform for digital assets and Web3. A significant portion of the world's cryptocurrency assets are safeguarded by Ledger Nanos.

Headquartered in Paris and Vierzon, with additional offices in the UK, US, Switzerland, and Singapore, our team of over 900 professionals is committed to creating various products and services that empower individuals and businesses to securely acquire, store, exchange, grow, and manage crypto assets. Notably, our Ledger hardware wallets have seen over 6 million units sold across 200 countries.

Our organizational values include pragmatism, audacity, commitment, trust, and transparency, which shape the collaborative efforts of our workforce.

As a member of our Security team, you will play a crucial role in delineating and championing secure software development best practices throughout our engineering teams to ensure compliance with both internal and external security standards and requisites.

Your Responsibilities

• Establish, document, and advocate for secure software development practices within Ledger's engineering divisions.

• Develop and manage security tooling to facilitate automated analysis, vulnerability identification, and enforcement of secure coding guidelines.

• Lead the integration of security assessments and controls in the CI/CD pipeline (e.g., linters, SAST, dependency scanning).

• Enhance the efficacy of our quorum-driven release security method, guaranteeing that only reviewed, signed, and sanctioned builds are released into production.

• Offer guidance and assistance to developers in making secure design and implementation choices.

• Contribute to the creation and implementation of internal security standards, directives, and checklists.

• Collaborate with Product Security, Donjon, and Software teams to promote shared accountability for security across the SDLC.

• Stay attuned to industry trends and adjust internal protocols in response to emerging threats and technologies.

• Assist in ensuring compliance with both internal and external security requirements (e.g., certifications, audits).

Qualifications

• Substantial experience with implementing secure software development processes and procedures (e.g., threat modeling, secure coding, security testing).

• Practical knowledge of deploying and managing security tools in a CI/CD ecosystem.

• Proficiency in drafting and managing security-focused documentation and standards.

• Understanding of contemporary software delivery methods (e.g., GitOps, infrastructure as code).

• A pragmatic mindset focused on empowering developers rather than hindering workflow.

• Previous involvement in secure release models is advantageous.

• Profound grasp of risk assessment and software architecture security.

Technical Proficiencies

• Proficient in scripting and automation using technologies like Python and Bash.

• Familiarity with code analysis tools such as linters, SAST, and dependency scanners (e.g., Snyk or Trivy).

• Knowledge of prevalent software vulnerabilities (e.g., OWASP Top 10) and methods for mitigation.

• Familiarity with GitHub workflow and build systems.

• Understanding of secure release workflows encompassing signing, approvals, and reproducible builds.

• Experience in languages like C, Rust, Scala, or environments related to embedded systems is beneficial.

• Basic knowledge of cryptography and secure communication protocols is advantageous.

Benefits Package

• Equity: Participation in company success through stock options.

• Flexibility: Hybrid work policy.

• Social: Team outings, social events, and amenities like snacks and beverages.

• Medical: Comprehensive health insurance including medical, dental, and vision coverage.

• Well-being: Personal development opportunities, coaching, and fitness benefits.

• Vacation: Generous paid time off, complemented by national holidays and RTT days.

• High tech: Access to top-notch office equipment and tech tools, such as Apple products.

• Transport: Reimbursement of a portion of transportation expenses.

• Discounts: Employee discount on Ledger products.