Senior Security Engineer SDLC

France, Paris · Job Posted April 24, 2025

Job offer has expired

Job Description

You will be part of our Security team and your responsibility will be to define and promote secure software development best practices across our engineering team and help ensure compliance with internal and external security standards and requirements.

Job Responsibility

  • Define, document and promote secure software development practices across Ledger’s engineering teams
  • Build and maintain security tooling to support automated analysis, vulnerability detection, and enforcement of secure coding standards
  • Drive the adoption of security checks and controls in the CI/CD pipeline (e.g. linters, SAST, dependency scanning)
  • Own and improve our quorum-based release security process, ensuring that only reviewed, signed, and approved builds can be released to production
  • Provide guidance and support to developers on secure design and implementation decisions
  • Contribute to the definition and implementation of internal security standards, guidelines, and checklists
  • Partner with the Product Security, Donjon, and Software teams to ensure security is a shared responsibility throughout the SDLC
  • Monitor industry trends and adapt internal practices to evolving threats and technologies
  • Help ensure compliance with internal and external security requirements (e.g. certifications, audits)

Requirements

  • Strong experience with secure software development processes and practices (e.g. threat modeling, secure coding, security testing)
  • Practical experience implementing and managing security tooling in a CI/CD environment
  • Experience writing or maintaining security-related documentation and standards
  • Familiarity with modern software delivery practices (e.g. GitOps, infrastructure as code)
  • A pragmatic mindset focused on enabling developers rather than blocking them
  • Prior experience working with or managing secure release models is a plus
  • Good understanding of risk assessment and software architecture security
  • Proficiency in scripting and automation (Python, Bash, etc.)
  • Familiarity with code analysis tools (linters, SAST, dependency scanners like Snyk or Trivy)
  • Understanding of common software vulnerabilities (e.g. OWASP Top 10) and how to prevent them
  • Experience with GitHub workflow and build systems
  • Knowledge of secure release workflows (signing, approvals, reproducible builds)
  • Experience in C, Rust, Scala, or embedded environments is a plus
  • Basic knowledge of cryptography and secure communications protocols is a plus

Nice to have

  • Prior experience working with or managing secure release models
  • Experience in C, Rust, Scala, or embedded environments
  • Basic knowledge of cryptography and secure communications protocols

What we offer

  • Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow
  • Flexibility: A hybrid work policy
  • Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
  • Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
  • Well-being: Personal development, coaching & fitness with our dedicated partners
  • Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days
  • High tech: Access to high performance office equipment and gadgets, including Apple products
  • Transport: Ledger reimburses part of your preferred means of transportation
  • Discounts: Employee discount on all our products

Similar Jobs for Senior Security Engineer SDLC

8 matching positions

Senior Security Engineer - Application Security

This is an opportunity to join K's critical InfoSec team as a Senior Security En...
Location: United States, New York
Salary: 150000.00 - 185000.00 USD / Year
K Health
Expiration Date: Until further notice
Requirements
  • 5+ years of experience in Information Security, Cloud Security, IT Security, and/or Application Security
  • Strong expertise in cloud technology (AWS, GCP, or Azure), modern programming languages, utilization of generative coding utilities, and the security implications of utilizing AI code development utilities
  • Demonstrated experience researching, establishing, and successfully rolling out enterprise-wide security policies and guidelines
  • Proven experience establishing a cutting-edge security posture, particularly within the regulated healthcare technology field
  • Excellent communication skills, capable of translating complex security risks into clear, actionable advice for technical and non-technical stakeholders
  • Expertise in compliance, security, and regulatory areas such as HIPAA, PHI, AKS, SOC 2, ISO, GDPR, etc.
  • Flexibility in covering a rotation for critical on-call support responsibilities
Job Responsibility
  • Lead the development and implementation of robust application security protocols throughout the entire Software Development Lifecycle (SDLC)
  • Design, deploy, and continuously monitor cloud security architecture across our cloud environments, ensuring performance and resilience
  • Manage the security posture of K’s core IT infrastructure, internal networks, and perimeter defenses, mitigating threats before they impact operations
  • Ensure adherence to relevant healthcare regulatory and compliance requirements (e.g., HIPAA, GDPR, etc.) across all product lines and systems
  • Conduct proactive vulnerability assessments, penetration tests, and security reviews to identify and remediate potential weaknesses in our platforms
  • Collaborate with engineering teams to integrate security tools and practices into continuous integration/continuous deployment (CI/CD) pipelines
What we offer
  • Hybrid work schedule with weekly lunches and stocked fridges
  • Monthly social committees for company events
  • 18 vacation days, 9 company holidays, 5 sick days, and 2 personal days
  • Stock options for every full-time employee
  • Paid parental leave
  • 401k benefit
  • Commuter Benefits
  • Competitive health, dental, and vision insurance options
  • Fulltime

Senior Security Engineer, Application Security

We are hiring a Senior Application Security Engineer to join Turnkey's team and ...
Salary: Not provided
Turnkey
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in Computer Science, Engineering, or a related field
  • 5+ years of experience in application or product security, ideally in fast-moving, high-impact or crypto-native environments
  • Strong understanding of web, mobile, and cryptographic security fundamentals (e.g. OWASP Top Ten, SANS/CWE Top 25)
  • Proficiency in programming and scripting languages (TypeScript/JavaScript, Go, Rust) and experience building secure systems from the code up
  • Hands-on experience with security testing tools and methodologies (static/dynamic analysis, pen testing, etc.)
  • Strong understanding of cloud, containerized, and runtime environments (AWS, GCP, Docker, Kubernetes), with the ability to embed security early in the SDLC
  • Excellent analytical, problem-solving, and communication skills, with a collaborative mindset for partnering across product and infrastructure teams
  • Curious, proactive, and passionate about building secure, reliable systems in a fast moving startup environment
  • A builder mentality: comfortable operating with ambiguity, tackling incomplete systems, and applying hands-on engineering experience to security challenges.
Job Responsibility
  • Partner with Product and Engineering at both the design and development stage to ensure that we implement new features securely, including (but not limited to): participating in the implementation efforts, doing security reviews, and helping with product design decisions
  • Auditing and surfacing vulnerabilities in our current products
  • Conducting threat modeling and security assessments for new features and systems, identifying risks early and shaping secure architectural decisions
  • Developing and improving our Automated Tooling: further enhancing our automated tooling to scale our product security capabilities and find potential code problems both before and after we deploy
  • Making the safe way, the easy way: work on defining and building application guardrails so that developers can build securely by default
  • Investigating and remediating security issues, including vulnerabilities and incidents, and drive long-term improvements to prevent recurrence
  • Embedding a culture of secure development across engineering, defining practices that influence how Turnkey builds, deploys, and maintains systems at scale.
What we offer
  • Full benefits, including medical, dental, vision, life, disability, HSA/FSA, 401(k)
  • Paid parental leave
  • Unlimited PTO
  • $3,000/yr learning and development budget to attend industry conferences
  • Multiple team offsites per year
  • MacBook Pro laptop
  • Lunch stipend (for those physically in the New York City office)
  • Fulltime

Senior Application Security / Product Security Engineer

We are seeking an experienced Application Security / Product Security Engineer t...
Location: India, Mumbai
Salary: Not provided
Galaxy Office Automation Pvt. Ltd.
Expiration Date: Until further notice
Requirements
  • Strong understanding of Application Security and Product Security principles
  • Experience with secure SDLC practices
  • Hands-on experience performing security testing for Web applications, APIs, Mobile apps, Thick client applications
  • Knowledge of cloud platforms (AWS / Azure / GCP) and cloud security architecture
  • Experience performing security design reviews and threat modeling
  • Familiarity with OWASP Top 10, API Security Top 10, and common vulnerability classes
  • Experience using security tools such as SAST, DAST, SCA
  • API testing tools
  • Good working knowledge of Excel for tracking vulnerabilities, metrics, and reporting
  • Strong task management and stakeholder coordination skills
Job Responsibility
  • Integrate security practices into the Software Development Lifecycle (SDLC)
  • Perform application security design reviews for new and existing products
  • Conduct manual and automated security testing of Web applications, REST / GraphQL APIs, Mobile applications (Android / iOS), Thick client / desktop applications
  • Identify vulnerabilities such as OWASP Top 10, authentication issues, authorization flaws, and API security risks
  • Review cloud architecture and deployments (AWS, Azure, GCP) for security best practices
  • Work with development teams to prioritize and remediate vulnerabilities
  • Perform threat modeling and security architecture assessments
  • Track vulnerabilities, remediation status, and risk metrics using Excel or vulnerability management tools
  • Support secure coding practices and developer security awareness
  • Manage multiple security assessments and coordinate tasks across teams
  • Fulltime

Senior Security Engineer (Red Team Specialist)

We are seeking a highly skilled and experienced Senior Security Engineer Penetra...
Location: Indonesia, Jakarta
Salary: Not provided
Flip
Expiration Date: Until further notice
Requirements
  • Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field
  • Relevant certifications such as OSCP, OSCE, GPEN, or GXPN are highly desirable
  • Minimum of 5 years of hands-on experience in penetration testing (mobile applications {Android and iOS}, web applications, and API), red teaming, or ethical hacking, with a proven track record of identifying and exploiting vulnerabilities
  • Demonstrate a strong grasp of end-to-end SDLC, DevSecOps, and application development for web and mobile applications
  • Expertise in using various security testing tools and frameworks (e.g., Metasploit, Burp Suite, Nmap, etc.) and manual techniques to conduct thorough security assessments
  • Proficiency in programming and scripting languages (e.g., Python, Go, Shell Script) to develop custom tools and automation scripts
  • Strong understanding of network protocols, operating systems, and common security technologies (SIEM, XDR/EDR, firewalls, IDS/IPS, WAFs, etc.)
  • In-depth knowledge of cybersecurity principles, attack vectors, and defense strategies. Familiarity with threat intelligence and risk assessment methodologies, OWASP, Cloud Security best practices
  • Excellent analytical and problem-solving abilities, with a proactive approach to identifying and mitigating security risks
  • Effective verbal and written communication skills, with the ability to convey complex technical concepts to both technical and non-technical stakeholders
Job Responsibility
  • Lead and conduct penetration testing and red teaming activities against our organization's networks, applications, and physical security
  • Perform comprehensive security assessments to identify vulnerabilities and potential weaknesses
  • Develop realistic attack scenarios based on current threat intelligence and industry best practices
  • Simulate sophisticated attack techniques to identify gaps in our security controls and defenses
  • Conduct in-depth vulnerability assessments and risk analyses, utilizing various security testing tools and manual techniques
  • Provide detailed reports outlining identified vulnerabilities and recommended remediation actions
  • Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and attack techniques
  • Continuously monitor emerging trends and industry developments to inform our security strategies
  • Collaborate with the security team and other stakeholders to review and improve our organization's security architecture, ensuring it aligns with industry standards and best practices
  • Assist the incident response team in handling cybersecurity incidents, performing forensic investigations, and providing expertise on the adversary's techniques and tactics
  • Fulltime

Senior Security Engineer

Zuora’s Application Security & Security Engineering team partners closely with e...
Location: Australia, Sydney
Salary: Not provided
Zuora
Expiration Date: Until further notice
Requirements
  • 8+ years of experience in application security, software development, or a related engineering role
  • Strong understanding of secure software development practices, including experience working with developers to embed security into the SDLC
  • Hands-on experience conducting security design reviews, threat modeling, and code reviews for web and cloud-based applications
  • Familiarity with common application vulnerabilities (e.g., OWASP Top 10) and experience in identifying and remediating them
  • Experience working with security tools such as SAST, DAST, SCA, and container security scanners
  • Ability to communicate security concepts effectively to both technical and non-technical stakeholders
  • Australia PR is a must
Job Responsibility
  • Collaborate with teams across a global organization to support the adoption and implementation of secure software development practices and tooling
  • Contribute hands-on to critical engineering and tooling projects, working closely with technical leads and product owners to ensure security is a key part of successful project outcomes
  • Mentor engineers and influence architectural decisions to ensure security is embedded by design
  • Design and develop reusable, flexible security components and APIs to support scalable, secure application development across the company
  • Define and promote best practices to ensure software security without compromising functionality, usability, reliability, or availability
  • Participate in design and code reviews, providing actionable security recommendations as needed
  • Collaborate with project teams to design and prototype secure solutions, validating key assumptions and security objectives
  • Evaluate, implement, and support a range of security tools to improve visibility and reduce risk
  • Build strong relationships and communicate effectively with stakeholders throughout the SDLC, including Product, Engineering, and Operations teams
What we offer
  • Competitive compensation, variable bonus and performance reward opportunities, and retirement programs
  • Medical, dental and vision insurance
  • Generous, flexible time off
  • Paid holidays, “wellness” days and company wide end of year break
  • Attractive parental leave
  • Learning & Development stipend
  • Opportunities to volunteer and give back, including charitable donation match
  • Free resources and support for your mental wellbeing
  • Fulltime

Senior Security Engineer - MSC STORM

We’re looking for experienced and driven senior security professionals to join o...
Location: Israel, Tel Aviv, Herzliya
Salary: Not provided
Microsoft Corporation
Expiration Date: Until further notice
Requirements
  • Expertise in structured threat modeling and architectural risk analysis
  • Deep knowledge in one or more of the following: Operating System internals (Windows/Linux), memory management, and secure boot
  • Virtualization, Cloud Architecture, and Container security
  • Application Security principles and secure software development practices across microservices, APIs, and distributed systems
  • Cloud-native services and their security implications (e.g., identity, secrets management, service mesh, serverless)
  • 6+ years in security engineering, architecture, or related roles
  • Demonstrated success in leading security reviews or threat modeling for large-scale systems
  • Prior experience in driving and managing internal security initiatives and integrating Secure Development Lifecycle (SDLC) concepts
  • Track record of identifying and mitigating vulnerabilities in OS, cloud, or infrastructure components
  • Proficiency in secure coding and code reviews
Job Responsibility
  • Lead security design and architecture reviews as well as threat modeling engagements for complex systems
  • Identify architectural vulnerabilities and guide engineering teams towards secure design patterns
  • Collaborate with security teams to identify vulnerabilities and embed security early in the product lifecycle
  • Communicate findings clearly to both technical and non-technical stakeholders
  • Drive security hardenings and security-driven redesign to improve security posture
  • Mentor engineers and promote a culture of security-first thinking
  • Fulltime

Senior Security Engineer, Privacy

As a Senior Security Engineer, Privacy, you will serve as a trusted advisor at t...
Location: Canada; England; France; Germany; Italy; Portugal; Spain; United States
Salary: 88000.00 - 110000.00 EUR / Year
Docker
Expiration Date: Until further notice
Requirements
  • 6–8 years of experience in information technology, security engineering, governance, risk and compliance, privacy engineering, or closely related roles
  • Proven experience designing and implementing GRC programs with a strong emphasis on automation, engineering, and scalable processes
  • Hands-on experience implementing or operating privacy programs aligned with GDPR and ISO/IEC 27701, including privacy-by-design and privacy-by-default principles
  • Strong understanding of privacy engineering concepts such as data minimization, purpose limitation, data lifecycle management, and technical data protection controls
  • Proficiency in one or more programming or scripting languages such as Python or Golang, with experience building automation for compliance and privacy workflows
  • Experience working with APIs, webhooks, and integrating GRC, privacy, and security tooling
  • Hands-on experience with public cloud environments (AWS, Azure, or GCP), including applying privacy and data protection controls across backup systems, data lakes, and distributed cloud storage services
  • Experience integrating security and compliance requirements into SDLC and CI/CD pipelines using DevSecOps practices
  • Solid understanding of security frameworks and regulatory standards such as ISO 27xxx, SOC 2, GDPR, and NIST, and how they apply to SaaS environments
  • Knowledge of information security risk management and common security technologies (e.g., SIEM, vulnerability management, data loss prevention, endpoint protection)
Job Responsibility
  • Embed privacy-by-design principles into Docker products, services, and internal platforms, aligned with ISO/IEC 27001, ISO/IEC 27701, SOC 2, and global privacy regulations
  • Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines
  • Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness
  • Implement and customize GRC and privacy tooling using APIs, scripting, and automation to streamline evidence collection, control validation, and compliance operations
  • Lead and automate data discovery, classification, and data mapping across Docker systems to maintain accurate Records of Processing Activities (RoPA) and support data lifecycle governance
  • Conduct and operationalize security risk assessments and Data Protection Impact Assessments (DPIAs), integrating findings into Docker’s risk register and remediation tracking
  • Define, implement, and validate data protection and data lifecycle controls, including data minimization, retention, deletion, and access controls
  • Build and maintain dashboards and security/privacy metrics to provide real-time visibility into risk, compliance posture, and program effectiveness
  • Support internal and external audits by providing high-quality, automated evidence and serving as a subject matter expert for security and privacy controls
  • Draft, maintain, and map security and privacy policies, standards, and procedures to relevant regulatory and industry frameworks
What we offer
  • Freedom & flexibility; fit your work around your life
  • Designated quarterly Whaleness Days plus end of year Whaleness break
  • Home office setup; we want you comfortable while you work
  • 16 weeks of paid Parental leave
  • Technology stipend equivalent to $100 net/month
  • PTO plan that encourages you to take time to do the things you enjoy
  • Training stipend for conferences, courses and classes
  • Equity
  • Fulltime

Senior Security Engineer

As a Senior Security Engineer, you'll be a trusted advisor to engineering and pr...
Location: Canada, United States
Salary: 227600.00 - 284500.00 USD / Year
Docker
Expiration Date: Until further notice
Requirements
  • At least 5+ years of experience in security engineering roles, with a focus on application and infrastructure security, preferably in a cloud-native or SaaS environment
  • 3+ years of hands-on development experience in Python or Golang
  • Deep expertise in authentication and authorization, including technologies like OAuth, SAML, OIDC, MFA, cryptography applications and Zero Trust principles
  • Strong hands-on experience with securing cloud ecosystems (e.g., AWS, GCP, Azure)
  • Understand AI/ML security risks and mitigations, including prompt injection, data poisoning, model extraction, and adversarial attacks
  • Have deployed runtime security solutions for threat detection and policy enforcement in Kubernetes, Docker environments
  • A track record of building security programs and automations from scratch, applying risk-based prioritization
  • An understanding of compliance regulations (e.g., SOC 2, ISO 27xxx, GDPR, CCPA, FIPS) and ability to align security with compliance requirements
  • Excellent communication skills, allowing you to explain complex security concepts clearly to technical and non-technical stakeholders
  • Understand industry standards, and actively keep up with emerging security technologies and models
Job Responsibility
  • Work with leadership to align security initiatives with business goals, ensuring that security is a core component of product and infrastructure
  • Take ownership and drive implementation for key programs such as vulnerability management, cloud governance, and product security
  • Serve as a security subject matter expert for software security and architecture
  • Partner with engineering to design and implement security architecture and controls across Docker products and platforms
  • Perform security design reviews and threat modeling of emerging AI products
  • Integrate security into SDLC through security requirements, design assessments, and automated security testing
  • Manage Docker’s Vulnerability Disclosure Program (VDP) by validating submissions, and working with engineering to resolve confirmed issues
  • Design and enforce security configurations in cloud environments (e.g. AWS, GCP, Azure) according to industry best practices
  • Establish automated monitoring and alerting to detect security anomalies across our environments
  • Serve on rotating on-call schedule to respond to security incidents, investigate threats, and coordinate remediation efforts
What we offer
  • Freedom & flexibility; fit your work around your life
  • Designated quarterly Whaleness Days plus end of year Whaleness break
  • Home office setup; we want you comfortable while you work
  • 16 weeks of paid Parental leave
  • Technology stipend equivalent to $100 net/month
  • PTO plan that encourages you to take time to do the things you enjoy
  • Training stipend for conferences, courses and classes
  • Equity
  • Fulltime