We're making the world of digital assets accessible and secure for everyone. Join the mission. Founded in 2014, Ledger is the global platform for digital assets and Web3. Over 20% of the world’s crypto assets are secured through our Ledger Nanos. Headquartered in Paris and Vierzon, with offices in UK, US, Switzerland and Singapore, Ledger has a team of more than 900 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 6 millions units already sold in 200 countries. You will be a part of Ledger's Cyber Security team. Your mission is twofold:1. Building and driving the cybersecurity transformation by integrating secure development practices into our developer journey, ensuring application security via automated scanning, and collaborating closely with the Infrastructure, Engineering, and The product security (Donjon) teams. 2. Running the day-to-day security operations, Endpoint Detection and Response (EDR), incident management, vulnerabilities scanners results, bug bounty management, and other operational aspects. In the ever-evolving landscape of cryptocurrency and blockchain technology, Ledger stands at the forefront, setting industry standards - As we strategically prepare for forthcoming market dynamics, the role of the Cyber Security team emerges as a cornerstone in our mission. Ensuring start-of-the-art security for our platforms and our infrastructure are not just tasks – they are imperatives. Your role will extend beyond the day-to-day; it will lay the foundational processes and procedures that ensure Ledger's resilience, adaptability, and leadership in the market. If you are deeply passionate about security, adept at navigating complex challenges, and driven to foster best-in-class operational excellence, Ledger invites you to be part of our journey.
Your mission
Collaborate with the Infrastructure, the engineering and the Donjon teams to integrate security into the delivery plans, ensure early detection and mitigation of security vulnerabilitiesÂ
Work closely with the Donjon, the product Security team responsible, to provide automation and tooling for product security evaluation integration in CI/CD pipeline. Engage in proactive security practices, including penetration testing, vulnerability assessments, and Infrastructure Security (IaC) code reviews to ensure Ledger's platforms and applications are secure.
Participate in the design and implementation of security architectures, from the design to the risk assessment.
Track and monitor the organization's security maturity by leveraging automated tools. Extract, analyze, and report on key performance indicators (KPIs) and trends for reporting.
Act as the primary point of contact for any security incidents, ensuring rapid response, mitigation, and post-incident analysis.
Drive the adoption of DevSecOps culture, best practices, and methodologies across the organization, ensuring continuous security improvement.
Mentor and provide application security awareness to developers, ensuring secure coding practices are integrated into the development lifecycle..Monitor and assess the organization's security posture and propose improvements or new security solutions to address identified gaps.
Work closely with the certification team for the SOC2 II gap analysis and provide technical guidance to fill the identified gaps with the infrastructure and engineering team.
What we’re looking for
5+ years of experience in cybersecurity, with a focus on DevSecOps & automation, security assessment, and mix environments (cloud-native, physical DCs, IT).
Proficiency working in Unix/Linux environments, Git, Python, AWS cloud solutions and architectures, CI/CD tools, configuration management, etc.
Expertise in IAM design, ZTNA, access control architectures, SIEM, SoC, EDR and application security.
Hands-on experience with security tooling deployment, monitoring, and incident response.
Proven track record of cross-functional work, with the ability to collaborate effectively with various teams and stakeholders.
Excellent presentation and written communication skills.
Ability to work autonomously, deal with ambiguity, and handle high-pressure situations.
What’s in it for you?
Equity : Employees are the foundation of our success, and we award stock options so you can share in that success as we grow.Â
Flexibility : A hybrid work policy.
Social : Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
Medical : Comprehensive health insurance policy offering extensive medical, dental and vision care coverage.Â
Well-being : Personal development, coaching & fitness with our dedicated partners.
Vacation : Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days.
High tech: Access to high performance office equipment and gadgets, including Apple products.Â
Transport : Ledger reimburses part of your preferred means of transportation.Â
Discounts : Employee discount on all our products.
We are an equal opportunity employer for all without any distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age.#LI-HG #LI-Hybrid
