Senior Security Engineer SDLC, Ledger

Ledger

Location:
France, Paris

Category:
IT - Software Development

Contract Type:
Not provided

Salary:

Not provided

Save Job

Apply Position

Job Description:

You will be part of our Security team and your responsibility will be to define and promote secure software development best practices across our engineering team and help ensure compliance with internal and external security standards and requirements.

Job Responsibility:

Define, document and promote secure software development practices across Ledger’s engineering teams
Build and maintain security tooling to support automated analysis, vulnerability detection, and enforcement of secure coding standards
Drive the adoption of security checks and controls in the CI/CD pipeline (e.g. linters, SAST, dependency scanning)
Own and improve our quorum-based release security process, ensuring that only reviewed, signed, and approved builds can be released to production
Provide guidance and support to developers on secure design and implementation decisions
Contribute to the definition and implementation of internal security standards, guidelines, and checklists
Partner with the Product Security, Donjon, and Software teams to ensure security is a shared responsibility throughout the SDLC
Monitor industry trends and adapt internal practices to evolving threats and technologies
Help ensure compliance with internal and external security requirements (e.g. certifications, audits)

Requirements:

Strong experience with secure software development processes and practices (e.g. threat modeling, secure coding, security testing)
Practical experience implementing and managing security tooling in a CI/CD environment
Experience writing or maintaining security-related documentation and standards
Familiarity with modern software delivery practices (e.g. GitOps, infrastructure as code)
A pragmatic mindset focused on enabling developers rather than blocking them
Prior experience working with or managing secure release models is a plus
Good understanding of risk assessment and software architecture security
Proficiency in scripting and automation (Python, Bash, etc)
Familiarity with code analysis tools (linters, SAST, dependency scanners like Snyk or Trivy)
Understanding of common software vulnerabilities (e.g. OWASP Top 10) and how to prevent them
Experience with GitHub workflow and build systems
Knowledge of secure release workflows (signing, approvals, reproducible builds)
Experience in C, Rust, Scala, or embedded environments is a plus
Basic knowledge of cryptography and secure communications protocols is a plus

Nice to have:

Prior experience working with or managing secure release models
Experience in C, Rust, Scala, or embedded environments
Basic knowledge of cryptography and secure communications protocols

What we offer:

Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow
Flexibility: A hybrid work policy
Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
Well-being: Personal development, coaching & fitness with our dedicated partners
Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days
High tech: Access to high performance office equipment and gadgets, including Apple products
Transport: Ledger reimburses part of your preferred means of transportation
Discounts: Employee discount on all our products

Additional Information:

Job Posted:
April 24, 2025

Employment Type:

Fulltime

Work Type:

Hybrid work

View All Jobs In This Company

Job Link Share:

Senior Security Engineer SDLC