About GitGuardian

GitGuardian is a global post-Series B cybersecurity scale-up, with team members in France, Europe and in the USA.

Among our early investors who saw our market value proposition, are the co-founder of GitHub, Scott Chacon, along with Solomon Hykes, Docker's co-founder. American and European top-tier VC firms have also invested in GitGuardian.

GitGuardian leads the way in Non-Human Identity security, offering end-to-end solutions from secrets detection in code, productivity tools and environments to strong remediation, observability and proactive prevention of leaks.

Our solutions are already used by more than 600K developers worldwide!

About your team and your mission

The Security & IT team (3 people) is responsible for protecting all GitGuardian’s assets & systems, implementing guardrails enabling teams to deliver securely. The team focuses on these four scopes: applications, infrastructure platform, IT & governance.

As a Security Engineer, you will work under the management of our Security lead and interact with all Guardians.

You’ll contribute to the security team’s general backlog, and your primary responsibility will be building scalable security mechanisms within GitGuardian’s software delivery pipeline, supply chain, service & corporate infrastructure.

Your main responsibilities will be to:

Work with the team on projects (70% of the time) such as:

• Automating Identity and Access Management on Okta.
• Advancing on securing our software supply chain, and patch and vulnerability management program by designing reliable and maintainable automations.
• Improve our security observability & monitoring systems and processes.
• Design and implement security mechanisms for corporate IT users (eg, ZTNA, SWG).
• Enhance our application security by participating in architecture and code reviews with our project managers and developers, performing pentesting of new features, and assisting in offensive engagements.

Contribute to the team's operational activities (30% of the time) such as

• Handling reports from our bug bounty programs, ensuring timely coordination and remediation with relevant teams.
• Responding to identified threats & vulnerabilities detected by our security stack (SIEM, WAF, EDR, DAST, …).

Technical environment

• Frontend: React / TypeScript
• Backend: Python + Django, Rust, RabbitMQ, PostgreSQL, Redis
• Infrastructure: Docker, Kubernetes, Terraform, AWS, OVH
• Security: Hashicorp Vault, SignalSciences WAF, CarbonBlack, Vanta, YesWeHack,
• Panther SIEM, StackHawk
• VCS: Gitlab
• Monitoring: Grafana, Datadog
• IT: Okta, Google Workspace, Kandji, Landscape, N8N, Notion

About you

If you think you match at least 70% of these criteria, please apply!

Here's what we consider essential for success in this role:

• You are fluent in English.
• You have at least a first professional full-time experience as a security, infrastructure or software engineer.
• You know how to automate your workload using scripting languages (bash, python)
• Experience with containerised systems.
• You know the basics of cloud & web application security.
• You are familiar with the administration of SaaS tools (Google Workspace, Okta, …).
• You understand the principles of Secret Management

The following skills would strengthen your application but aren't required:

• Speaking French.
• Experience with Infrastructure as Code tooling (Terraform, Kubernetes, Helm, Ansible).
• Experience building security monitoring & alerting systems.
• Experience with a software vendor scaleup.
• Experience with SOC 2 or ISO27001 requirements.

The interview process

At GitGuardian, we are committed to building a diverse, equitable and inclusive workforce.

We will ask for your gender identity on the application page to help us understand the diversity of our applicant pool and to track our progress in attracting and hiring a diverse workforce. The information is optional and will not be disclosed to the hiring manager or the interview team and will not be considered in the hiring process. We appreciate your willingness to share this with us so that we can continue to improve our diversity, equity and inclusion efforts.

1. Video call with Ghislain, your future manager (45min)

This first conversation evaluates your understanding of security engineering concepts and experience through questions about security practices, tools, and your experience.

You will also discuss the role and its responsibilities, as well as your career goals, and evaluate if there could be a mutual match.

2. Technical Interview (1h30)

We will mainly focus on evaluating your hard skills for the position.

Examples of topics addressed: scripting, security by automation, cloud and container’s environment, IaC.

3. Interviews with the CTO, n+2 (60min)

This conversation evaluates your cultural fit with the engineering department and the company. Jeremy will also detail his vision of security in the organization.

4.1 Final interview with an Executive Manager (30min)

To detail our company’s vision and ambitions for the next couple of years.

4.2 References check

You can start thinking about two contacts who can attest to your previous or current professional experiences. These contacts should be as recent as possible, and we will call them at the end of the process.

Benefits

• 💰 Package that includes stock-options
• 🍜 Lunch voucher (Swile)
• 🏥 Non-charged health insurance for children (Sidecare / Generali)
• 💻 Up to €300 to improve your home office set-up
• 🌴 Yearly holiday allowance
• 🤝 Referral bonus of 4000€ for any new Guardian we might hire thanks to you
• 🎡 Team building: monthly budget dedicated to each employee that you can spend as you wish, with colleagues (latest examples to date: Michelin star restaurant, karaoke, stand-up show, kitesurfing week-end, ...)

And also...

• 🏡 Remote policy: hybrid (2 days/week at the office)
• 📈 Opportunities for career development in the long term

More about GitGuardian!

Products

• Understand how GitGuardian works in this short video!
• Want to go even further? Check out our public roadmap!
• Check out the State of Secrets Sprawl Report to understand our mission and the industry.
• Our solutions are already used by hundreds of thousands of developers in all industries and GitGuardian platform is the n°1 app on the GitHub marketplace 🔥

Clients

• GitGuardian helps organizations find exposed sensitive information that could often lead to tens of millions of dollars in potential damage.
• More than 70% of our customers are in the United States.
• Many F500 companies use GitGuardian's platform.

People

• The Guardians are knowledgeable, committed, serious, aligned with the company’s mission, and true team players: always willing to help each other grow our skill sets!
• The team is diverse and we hail from more than 20 different countries.
• We are also agile, remote-friendly, and fun people to work with.
• You will get trust & autonomy on your perimeter with a very transparent internal communication and a strong impact on the company development.

If you think you match at least 70% of these criteria, please apply!

Here’s what we consider essential for success in this role:

• You are fluent in English.

• You have at least a first professional full-time experience as a security, infrastructure or software engineer.

• You know how to automate your workload using scripting languages (bash, python)

• Experience with containerised systems.

• You know the basics of cloud & web application security.

• You are familiar with the administration of SaaS tools (Google Workspace, Okta, …).

• You understand the principles of Secret Management

The following skills would strengthen your application but aren’t required:

• Speaking French.

• Experience with Infrastructure as Code tooling (Terraform, Kubernetes, Helm, Ansible).

• Experience building security monitoring & alerting systems.

• Experience with a software vendor scaleup.

• Experience with SOC 2 or ISO27001 requirements.

1. Video call with Ghislain, your future manager (45min)

This first conversation evaluates your understanding of security engineering concepts and experience through questions about security practices, tools, and your experience.

You will also discuss the role and its responsibilities, as well as your career goals, and evaluate if there could be a mutual match.

2. Technical Interview (1h30)

We will mainly focus on evaluating your hard skills for the position.

Examples of topics addressed: scripting, security by automation, cloud and container’s environment, IaC.

3. Interviews with the CTO, n+2 (60min)

This conversation evaluates your cultural fit with the engineering department and the company. Jeremy will also detail his vision of security in the organization.

4.1 Final interview with an Executive Manager (30min)

To detail our company’s vision and ambitions for the next couple of years.

4.2 References check

You can start thinking about two contacts who can attest to your previous or current professional experiences. These contacts should be as recent as possible, and we will call them at the end of the process.