Ledger is hiring a

Web3 Senior Security Engineer SDLC

We're making the world of digital assets accessible and secure for everyone. Join the mission. Founded in 2014, Ledger is the global platform for digital assets and Web3. Over 20% of the world’s crypto assets are secured through our Ledger Nanos.

Headquartered in Paris and Vierzon, with offices in UK, US, Switzerland and Singapore, Ledger has a team of more than 900 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 6 millions units already sold in 200 countries.

At Ledger, we embody the values that make us unique: Pragmatism, Audacity, Commitment, Trust and Transparency. Hear from our employees how they shape the work we do here.

● Define, document and promote secure software development practices across Ledger’s engineering teams.

● Build and maintain security tooling to support automated analysis, vulnerability detection, and enforcement of secure coding standards.

● Drive the adoption of security checks and controls in the CI/CD pipeline (e.g. linters, SAST, dependency scanning).

● Own and improve our quorum-based release security process, ensuring that only reviewed, signed, and approved builds can be released to production.

● Provide guidance and support to developers on secure design and implementation decisions.

● Contribute to the definition and implementation of internal security standards, guidelines, and checklists.

● Partner with the Product Security, Donjon, and Software teams to ensure security is a shared responsibility throughout the SDLC.

● Monitor industry trends and adapt internal practices to evolving threats and technologies.

● Help ensure compliance with internal and external security requirements (e.g. certifications, audits).

● Strong experience with secure software development processes and practices (e.g. threat modeling, secure coding, security testing). ● Practical experience implementing and managing security tooling in a CI/CD environment.

● Experience writing or maintaining security-related documentation and standards.

● Familiarity with modern software delivery practices (e.g. GitOps, infrastructure as code).

● A pragmatic mindset focused on enabling developers rather than blocking them.

● Prior experience working with or managing secure release models is a plus.

● Good understanding of risk assessment and software architecture security.

● Proficiency in scripting and automation (Python, Bash, etc).

● Familiarity with code analysis tools (linters, SAST, dependency scanners like Snyk or Trivy).

● Understanding of common software vulnerabilities (e.g. OWASP Top 10) and how to prevent them.

● Experience with GitHub workflow and build systems.

● Knowledge of secure release workflows (signing, approvals, reproducible builds).

● Experience in C, Rust, Scala, or embedded environments is a plus.

● Basic knowledge of cryptography and secure communications protocols is a plus.

● Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow.

● Flexibility: A hybrid work policy.

● Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks.

● Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage.

● Well-being: Personal development, coaching & fitness with our dedicated partners.

● Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days.

● High tech: Access to high performance office equipment and gadgets, including Apple products.

● Transport: Ledger reimburses part of your preferred means of transportation.

● Discounts: Employee discount on all our products.