Senior Cyber Security Engineer - Cloud Security
Posted on Tuesday, November 14, 2023
We're making the world of digital assets accessible and secure for everyone. Join the mission.
Founded in 2014, Ledger is the global platform for digital assets and Web3. Over 20% of the world’s crypto assets are secured through our Ledger Nanos. Headquartered in Paris and Vierzon, with offices in UK, US, Switzerland and Singapore, Ledger has a team of more than 900 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 6 millions units already sold in 200 countries.
Reporting to the Cyber Security Operations & Engineering Senior Manager, you will be a part of Ledger's Cyber Security team.
Your mission is twofold: Building and driving the cybersecurity transformation by integrating secure development practices, ensuring application security via automated scanning, and collaborating closely with the Infrastructure, Engineering, and The product security (Donjon) teams. Running the day-to-day security operations, Endpoint Detection and Response (EDR), incident management, vulnerabilities scanners results, bug bounty management, and other operational aspects.
- Collaborate with the Infrastructure, the engineering and the Product Security teams to integrate security into the delivery plans, ensure early detection and mitigation of security vulnerabilities
- Work closely with the product Security team responsible, to provide automation and tooling for product security evaluation integration in CI/CD pipeline.
- Engage in proactive security practices, including penetration testing, vulnerability assessments, and Infrastructure Security (IaC) code reviews to ensure Ledger's platforms and applications are secure.
- Participate in the design and implementation of security architectures, from the design to the risk assessment.
- Act as the primary point of contact for any security incidents, ensuring rapid response, mitigation, and post-incident analysis.
- Drive the adoption of DevSecOps culture, best practices, and methodologies across the organization, ensuring continuous security improvement.
What we’re looking for
- 5+ years of experience on information security, including 3 years of experience in cybersecurity, with a focus on DevSecOps & automation, security assessment, and cloud-native environments.
- Proficiency working in Unix/Linux environments, Git, Python, Terraform, Kubernetes, AWS cloud solutions and architectures, CI/CD tools, configuration management, etc.
- Hands-on experience with security tooling deployment, monitoring, and incident response.
- Proven track record of cross-functional work, with the ability to collaborate effectively with various teams and stakeholders.
- Excellent presentation and written communication skills.
- Ability to work autonomously, deal with ambiguity, and handle high-pressure situations.
What’s in it for you?
- Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow.
- Flexibility: A hybrid work policy.
- Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
- Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage.
- Well-being: Personal development, coaching & fitness with our dedicated partners.
- Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days.
- High tech: Access to high performance office equipment and gadgets, including Apple products.
- Transport: Ledger reimburses part of your preferred means of transportation.
- Discounts: Employee discount on all our products.
We are an equal opportunity employer for all without any distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age.