Job Details
Senior Security Engineer SDLC
Job Description
Job Title: Senior Security Engineer SDLC
Company: Ledger
Location: Paris, France
About Ledger
Founded in 2014, Ledger is a global platform for digital assets and Web3, securing over 20% of the world’s crypto assets. The company offers a variety of products and services to help individuals and companies securely buy, store, swap, and manage crypto assets. This includes the Ledger hardware wallets, with over 6 million units sold in more than 200 countries. Ledger is headquartered in Paris and Vierzon, with additional offices in the UK, US, Switzerland, and Singapore.
At Ledger, values like Pragmatism, Audacity, Commitment, Trust, and Transparency are key. Ledger is committed to providing a secure environment for digital assets, making blockchain technology more accessible and secure for everyone.
Role Overview
Ledger is looking for a Senior Security Engineer SDLC to join their Security team. In this role, you will define, promote, and enforce secure software development best practices across engineering teams, ensuring compliance with internal and external security standards. Your work will help ensure that secure software practices are integrated into the software development lifecycle (SDLC) at Ledger.
Your Mission
- Define and Promote Secure Development Practices: Establish secure software development practices across Ledger’s engineering teams, ensuring they follow security standards and protocols.
- Build Security Tooling: Create and maintain tools to automate vulnerability detection, enforce secure coding standards, and perform security analysis.
- CI/CD Security Integration: Integrate security checks into the CI/CD pipeline (e.g., linters, SAST, dependency scanning), ensuring security is part of the development process.
- Release Security: Manage the security process of software releases, ensuring that only reviewed, signed, and approved builds are deployed to production.
- Provide Guidance: Support developers by providing guidance on secure design and implementation decisions.
- Define Internal Security Guidelines: Contribute to the creation and implementation of internal security standards, guidelines, and checklists.
- Collaborate Across Teams: Partner with teams like Product Security, Donjon, and Software to make security a shared responsibility across the SDLC.
- Monitor Industry Trends: Stay up to date with industry trends, threats, and technologies, adapting internal practices as necessary.
- Compliance and Audits: Ensure compliance with internal and external security requirements, including certifications and audits.
What We’re Looking For
- Experience: Strong experience in secure software development processes, including threat modeling, secure coding practices, and security testing.
- Security Tooling: Experience implementing and managing security tools in a CI/CD environment.
- Documentation: Experience in writing or maintaining security-related documentation and standards.
- Modern Delivery Practices: Familiarity with modern software delivery practices, such as GitOps and infrastructure as code.
- Risk Assessment and Architecture Security: Solid understanding of risk assessment and software architecture security.
- Pragmatic Approach: A focus on enabling developers with security tools and processes, rather than hindering development.
Technical Skills
- Scripting & Automation: Proficiency in scripting languages like Python and Bash.
- Code Analysis Tools: Experience with tools like linters, SAST, and dependency scanners (e.g., Snyk, Trivy).
- Vulnerability Management: Knowledge of common software vulnerabilities (e.g., OWASP Top 10) and prevention techniques.
- CI/CD and GitHub: Experience with GitHub workflows, build systems, and secure release processes.
- Secure Communication & Cryptography: Basic knowledge of cryptography and secure communications protocols is a plus.
- Additional Languages: Experience in C, Rust, Scala, or embedded environments is a plus.
What’s in it for You?
- Equity: Stock options so you can share in Ledger’s success as the company grows.
- Flexibility: Hybrid work policy to balance in-office and remote work.
- Social: Participate in annual company outings (Ledgerdary Days), plus regular social events.
- Medical: Comprehensive health insurance, including medical, dental, and vision care.
- Well-being: Access to personal development resources, coaching, and fitness programs.
- Vacation: Five weeks of paid leave per year, along with national holidays and additional RTT days.
- Tech: Access to high-performance office equipment, including Apple products.
- Transportation: Reimbursement for part of your transportation costs.
- Product Discount: Employee discount on all Ledger products.
If you're passionate about security in the SDLC, have experience with security tooling, and want to help Ledger maintain and grow its secure digital asset platform, this role could be a great fit!