Staff Cloud Security Engineer

Founded in 2014, a global platform focusing on digital assets and Web3 aims to enhance accessibility and security for all individuals worldwide. Over 15% of the globe's crypto assets are safeguarded by the innovative Ledger Nanos. The company operates from various locations including Paris, Vierzon, the UK, US, Switzerland, and Singapore, with a dedicated team of over 600 professionals striving to offer products and services that empower individuals and companies to securely engage with crypto assets. Ledger's hardware wallet line has already successfully sold over 5 million units across 180 countries.

At the company, core values such as Pragmatism, Audacity, Commitment, Trust, and Transparency define the unique culture. The hired individual will collaborate with the Cyber Security team and be responsible for driving the cybersecurity transformation. This involves implementing secure development practices, ensuring application security through automated scanning, and close collaboration with Infrastructure, Engineering, and Product Security teams.

The ideal candidate should be well-versed in cybersecurity, possess a passion for cloud technology security, demonstrate autonomy in work, and exhibit enthusiasm for suggesting enhancements to fortify Ledger's application, infrastructure, and service security. Excitement for the Web3 space and expertise in hardware wallets are advantageous qualities desired in applicants.

Responsibilities:

• Collaborate with Infrastructure, Engineering, and Product Security teams to integrate secure practices into delivery plans, detect and mitigate security vulnerabilities early on.
• Work closely with the Product Security team to provide automation and tooling for product security integration within the CI/CD pipeline.
• Champion proactive security measures like penetration testing, vulnerability assessments, and Infrastructure Security (IaC) code reviews to ensure Ledger's platforms and applications are secure.
• Contribute to designing and implementing robust security architectures, emphasizing risk assessment from inception.
• Serve as the primary point of contact for security incidents, ensuring timely responses, effective mitigation, and thorough post-incident analyses.
• Drive the adoption of DevSecOps culture, best practices, and methodologies throughout the organization for continual security advancement.

Requirements:

• At least 5 years of experience in DevSecOps, automation, security assessment, and cloud-native environments.
• Minimum of 8 years of experience in information security.
• Proficiency in Unix/Linux systems, Git, Python, Terraform, Kubernetes, AWS cloud technologies, CI/CD tools, and configuration management.
• Hands-on experience with security tool deployment, monitoring, and incident response.
• Strong cross-functional collaboration skills to work effectively with diverse teams and stakeholders.
• Excellent verbal and written communication abilities.
• Demonstrated ability to work autonomously, handle ambiguity, and thrive in high-pressure situations.

Benefits:

• Equity options to enable employees to share in the company's success.
• Hybrid work policy for flexibility.
• Annual company events and social gatherings for team bonding.
• Comprehensive health insurance covering medical, dental, and vision care.
• Personal development opportunities, coaching, and fitness partnerships.
• Five weeks of paid leave annually, plus national holidays and RTT days.
• Access to top-quality office equipment and gadgets, including Apple products.
• Transportation reimbursement and employee discounts on company products.

The company is an equal opportunity employer dedicated to fostering diversity and inclusivity across all aspects, irrespective of gender, ethnicity, religion, sexual orientation, social status, disability, or age.