The Security & IT team (3 people) is responsible for protecting all GitGuardian’s assets & systems, implementing guardrails enabling teams to deliver securely. The team focuses on these four scopes: applications, infrastructure platform, IT & governance.

As a Security Engineer, you will work under the management of our Security lead and interact with all Guardians.

You’ll contribute to the security team’s general backlog, and your primary responsibility will be building scalable security mechanisms within GitGuardian’s software delivery pipeline, supply chain, service & corporate infrastructure.

Your main responsibilities will be to:

Work with the team on projects (70% of the time) such as:

• Automating Identity and Access Management on Okta.

• Advancing on securing our software supply chain, and patch and vulnerability management program by designing reliable and maintainable automations.

• Improve our security observability & monitoring systems and processes.

• Design and implement security mechanisms for corporate IT users (eg, ZTNA, SWG).

• Enhance our application security by participating in architecture and code reviews with our project managers and developers, performing pentesting of new features, and assisting in offensive engagements.

Contribute to the team’s operational activities (30% of the time) such as

• Handling reports from our bug bounty programs, ensuring timely coordination and remediation with relevant teams.

• Responding to identified threats & vulnerabilities detected by our security stack (SIEM, WAF, EDR, DAST, …).

Technical environment

• Frontend: React / TypeScript

• Backend: Python + Django, Rust, RabbitMQ, PostgreSQL, Redis

• Infrastructure: Docker, Kubernetes, Terraform, AWS, OVH

• Security: Hashicorp Vault, SignalSciences WAF, CarbonBlack, Vanta, YesWeHack,

• Panther SIEM, StackHawk

• VCS: Gitlab

• Monitoring: Grafana, Datadog

• IT: Okta, Google Workspace, Kandji, Landscape, N8N, Notion

If you think you match at least 70% of these criteria, please apply!

Here’s what we consider essential for success in this role:

• You are fluent in English.

• You have at least a first professional full-time experience as a security, infrastructure or software engineer.

• You know how to automate your workload using scripting languages (bash, python)

• Experience with containerised systems.

• You know the basics of cloud & web application security.

• You are familiar with the administration of SaaS tools (Google Workspace, Okta, …).

• You understand the principles of Secret Management

The following skills would strengthen your application but aren’t required:

• Speaking French.

• Experience with Infrastructure as Code tooling (Terraform, Kubernetes, Helm, Ansible).

• Experience building security monitoring & alerting systems.

• Experience with a software vendor scaleup.

• Experience with SOC 2 or ISO27001 requirements.

1. Video call with Ghislain, your future manager (45min)

This first conversation evaluates your understanding of security engineering concepts and experience through questions about security practices, tools, and your experience.

You will also discuss the role and its responsibilities, as well as your career goals, and evaluate if there could be a mutual match.

2. Technical Interview (1h30)

We will mainly focus on evaluating your hard skills for the position.

Examples of topics addressed: scripting, security by automation, cloud and container’s environment, IaC.

3. Interviews with the CTO, n+2 (60min)

This conversation evaluates your cultural fit with the engineering department and the company. Jeremy will also detail his vision of security in the organization.

4.1 Final interview with an Executive Manager (30min)

To detail our company’s vision and ambitions for the next couple of years.

4.2 References check

You can start thinking about two contacts who can attest to your previous or current professional experiences. These contacts should be as recent as possible, and we will call them at the end of the process.