Senior Cloud Security Engineer

Job title: Senior Cloud Security Engineer

Location: Paris

About Ledger

We’re a team of experts pushing the limits of what’s possible, united by our common goal to unlock true freedom through digital ownership, making technology accessible for all. We believe in a world where users, creators and enterprises manage their value with ownership and freedom. Our curiosity drives us to innovate, empowering individuals on a global scale. We believe change is constant and our team moves forward as one, with a culture of problem‑solving where every employee is empowered and supported to challenge tradition and create solutions. Our mission is simple: to make self‑custody accessible and give people the keys to their own financial futures. If you want to make a true impact, we want you to join us at Ledger.

At Ledger, we’re proud to be the global platform for digital assets and Web3, with over 20% of the world’s crypto assets secured through our Ledger devices. With our headquarters in Paris, and offices in Vierzon, Grenoble, Montpellier, London, Portland, Geneva, Zurich and Central Singapore, we have a team of around 600 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 7.5 million units already sold in 200 countries.

The team: You will join Ledger’s Cyber Security team as a senior hands‑on security engineer focused on Infrastructure & Corporate Security.

Your mission is to raise the security baseline of Ledger’s cloud and corporate platforms by defining pragmatic security guidelines for Infrastructure teams, designing and implementing secure‑by‑default architectures, and delivering automation that makes security continuous (CI/CD, IaC, detection, hardening, and guardrails).

Ledger operates at the forefront of Web3 and hardware wallet security. We are looking for a highly technical, autonomous, and impact‑driven engineer who can operate in a fast‑moving environment, influence technical decisions, and become a trusted reference across teams on infrastructure and corporate security topics.

• Be the go‑to security partner for Infrastructure & Corporate platforms (e.g., AWS, Kubernetes/EKS, Terraform/IaC, networking, identity, endpoints, Google Workspace), providing clear standards, patterns, and design guidance.
• Embed security into delivery by partnering with Infrastructure, Engineering, and Product Security (Donjon) to drive early detection and mitigation of vulnerabilities (shift‑left + runtime controls).
• Design and implement secure architectures: threat modeling, security reviews, risk assessments, and security sign‑off for infrastructure and platform changes.
• Build security automation and tooling:
  • Integrate security checks into CI/CD (SAST, SCA, secrets scanning, IaC scanning, container/image scanning, policy‑as‑code).
  • Enable continuous compliance and evidence collection where relevant (e.g., SOC2‑oriented controls).
    
• Lead proactive security practices: vulnerability assessments, penetration testing (when relevant), Kubernetes and cloud posture reviews, and IaC code reviews with actionable remediation.
• Drive hardening and guardrails: secure configuration baselines, identity and access controls (least privilege), network segmentation, secrets management, logging/monitoring requirements, and standardized platform patterns.
• Support incident readiness and response for infra/corporate security events: detection coverage, triage playbooks, and post‑incident improvements in collaboration with the Security Operation Team.
• Continuously evaluate and introduce security solutions to address gaps, with a focus on operational simplicity and measurable risk reduction.
  

• 10+ years of experience in information security, including a strong focus on infrastructure, cloud, and/or platform security.
• 6+ years of hands‑on experience in DevSecOps, automation, and cloud‑native security (CI/CD, IaC, containers/Kubernetes).
• Strong technical proficiency with:
  • Linux/Unix, Git, scripting (Python preferred)
  • Terraform / Infrastructure-as-Code
  • Kubernetes (ideally EKS) and container security
  • AWS architectures and security controls (IAM, networking, logging, key management, posture management)
  • CI/CD systems and engineering workflows (GitHub/GitLab, etc.)
• Proven ability to define standards and influence engineering decisions across teams (guidelines, reference architectures, secure patterns).
• Solid experience deploying and operating security tooling (scanners, policy engines, detection/monitoring, vulnerability management), and working with incident response processes.
• Excellent written and verbal communication skills, able to produce clear technical guidance and drive alignment across stakeholders.
• Comfortable operating autonomously, handling ambiguity, and staying effective under pressure.

• Flexible work options - Our hybrid policy allows employees to work from home up to 3 times per week
• Health & Wellness support - Health and Life Insurance.
• Financial growth opportunities - Employees can become shareholders in Ledger as well as other financial benefits depending on your country of work.
• Commuter allowance - Ledger offers a commuter allowance to contribute to your preferred means of transportation.
• Learning & Development - A comprehensive suite of training solutions providing a personalised learning experience for every employee.

For regionally specific benefits, your Talent Acquisition contact will be able to provide you with more information.

We’re committed to building an inclusive hiring process. If you need any adjustments or accommodations, just let us know, we’ll do our best to support you.