As a Security Engineer within GitGuardian’s Security & IT team, you will work under the management of our Security lead and interact with all Guardians.

The Security & IT team is responsible for protecting all GitGuardian’s assets & systems, implementing guardrails enabling teams to deliver securely. The team focuses on these four scopes: applications, infrastructure platform, IT & governance.

You’ll contribute to the security team’s general backlog, and your primary responsibility will be building scalable security mechanisms within GitGuardian’s software delivery pipeline, supply chain, service & corporate infrastructure.

Your main responsibilities will be to:

1. Work with the team on projects such as:

• Automating Identity and Access Management, using Terraform and Okta.

• Advancing on securing our software supply chain, and patch and vulnerability management program by designing reliable and maintainable automations.

• Improve our security observability & monitoring systems and processes.

• Design and implement security mechanisms for corporate IT users (eg, ZTNA, SWG).

• Enhance our application security by participating in architecture and code reviews with our project managers and developers, performing pentesting of new features, and assisting in offensive engagements.

2. Contribute to the team’s operational activities such as:

• Handling reports from our bug bounty programs, ensuring timely coordination and remediation with relevant teams.

• Responding to identified threats & vulnerabilities detected by our security stack (SIEM, WAF, EDR, DAST, …).

Technical environment

• Frontend: React / TypeScript

• Backend: Python + Django, Rust, RabbitMQ, PostgreSQL, Redis

• Infrastructure: Docker, Kubernetes, Terraform, AWS, OVH

• Security: Okta, Vault, SignalSciences WAF, CarbonBlack, Vanta, YesWeHack, Panther, StackHawk

If you think you match at least 70% of these criteria, please apply!

Here’s what we consider essential for success in this role:

• Fluency in English.

• 1-2 years of experience as a security, infrastructure or software engineer.

• Strong experience with scripting languages (Bash, Python).

• Experience with Infrastructure as Code tooling (Terraform, Kubernetes, Helm, Ansible) and with containerized systems.

• Experience with CI/CD & toolchains.

• Substantial experience in cloud & web application security.

• Familiarity with the administration of SaaS tools (Google Workspace, Okta, …).

The following skills would strengthen your application, but aren’t required:

• Speaking French.

• Experience building security monitoring & alerting systems.

• Experience with a software vendor scaleup.

• Experience with SOC 2 or ISO27001 requirements.

1. Video call with a Talent Acquisition team member

To discover your professional project and evaluate if there could be a mutual match.

2. Interview with your future manager

To know more about yourself and your achievements, and present to you the team.

3. Technical interview

To evaluate your skills for the position and project yourself into the role.

4. Final interview with an Executive Manager

To detail our company’s vision and ambitions for the next couple of years.