About Ledger

We’re a team of experts pushing the limits of what’s possible, united by our common goal to unlock true freedom through digital ownership, making technology accessible for all. We believe in a world where users, creators and enterprises manage their value with ownership and freedom. Our curiosity drives us to innovate, empowering individuals on a global scale. We believe change is constant and our team moves forward as one, with a culture of problem-solving where every employee is empowered and supported to challenge tradition and create solutions. Our mission is simple: to make self-custody accessible and give people the keys to their own financial futures. If you want to make a true impact, we want you to join us at Ledger.

At Ledger, we’re proud to be the global platform for digital assets and Web3, with over 20% of the world’s crypto assets secured through our Ledger devices. With our headquarters in Paris, and offices in Vierzon, Grenoble, Montpellier, London, Portland, Geneva, Zurich and Central Singapore, we have a team of around 600 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 7.5 millions units already sold in 200 countries.

Internship duration: 6 months

The team:

The Donjon is the team in charge of the security of all the products built at Ledger. As part of that role, we closely track the state of the art of the whole spectrum of attack techniques, and strive to push its boundaries.

We are looking for a Security Engineer intern to work on security assurance tooling for the applications that run on our devices (Bitcoin, Ethereum, etc). These applications are stateful programs that manipulate potentially attacker-controlled structured data, and their security is paramount. A lot of previous art of course exists in automated security analysis, from bug-finding using fuzzers to more formal, static approaches. You will have to discerningly reach for the right tools in this literature and expand on them, including using LLMs where relevant, and integrate your work into CI pipelines for production code.

What you'll be doing:

• Research and implement various automated security analysis techniques, including fuzzing, static analysis or symbolic execution.

• Build up a benchmark to compare and identify the most relevant solutions in the specific context of embedded applications.

• Refine and extend existing tools, with opportunities to explore the use of LLMs.

• Integrate and deploy your work into CI pipelines.

• Contribute to security reviews of new embedded applications or features.

• Develop new fuzzing harnesses or improve on existing ones.

• Present your work and results internally and to engineering teams.

What we're looking for:

• Experience in C (mandatory), and strong understanding of memory corruption and undefined behaviour.

• Strong understanding of some of the established automated security analysis techniques (fuzzing, abstract interpretation based static analysis, symbolic execution).

• Good knowledge of exploitation techniques, and of mitigations against such techniques.

• Basic understanding of LLMs and curiosity as to how they can be used to automate parts of the security evaluation process.

• Ability to formalize and effectively communicate your work in written and spoken English.

• Basic working knowledge of Git.

At Ledger, we are dedicated to continually investing in our employees which is why we offer more than just salaries; we provide comprehensive compensation packages that include a wide range of benefits. Here are some of the benefits you can look forward to:

• Social: Frequent social events, snacks and drinks

• Transportation allowance: Ledger offers a commuter allowance to contribute to your preferred means of transportation.

• Lunch vouchers: Ledger offers a meal allowance with Swile

• Vacation: 1 day off for every full month of work, in addition to national holidays

• Compensation: €1,500 a month

For regionally specific benefits, your Talent Acquisition contact will be able to provide you with more information.

We’re committed to building an inclusive hiring process. If you need any adjustments or accommodations, just let us know, we’ll do our best to support you.