Security Engineer

PARIS, 75
1 day ago

Requirements

  • You have at least 2 years of experience as a security, infrastructure, or software engineer
  • You know how to automate your workload using scripting languages (Bash, Python)
  • You are comfortable working in containerised environments (Docker at minimum, Kubernetes is a plus)
  • You understand the principles of Secret Management: never hardcode secrets, environment separation, rotation, least privilege
  • You know the basics of cloud and web application security
  • You are familiar with the administration of SaaS tools (Google Workspace, Okta, or equivalent)
  • You take initiative without being asked, own your work end to end, and look for impact beyond your immediate scope
  • You are open to using AI tools as part of your day-to-day work
  • You are fluent in English
  • (Desirable) Experience with Infrastructure as Code tooling (Terraform, Kubernetes, Helm, Ansible)
  • (Desirable) Experience building security monitoring and alerting systems (SIEM)
  • (Desirable) Experience with SOC 2 or ISO 27001 requirements
  • (Desirable) Experience with a software vendor scaleup
  • (Desirable) Familiarity with OWASP Top 10 and auditing methodologies
  • (Desirable) Speaking French
  • If you think you match at least 70% of these criteria, please apply!

What the job involves

  • The Security & IT team is responsible for protecting GitGuardian’s infrastructure, applications, and internal access systems, while ensuring compliance with security standards and customer requirements
  • It operates in a highly cross‑functional way, working closely with engineering teams (product and infrastructure) to secure systems, support developers in building secure software (code reviews, security audits, awareness), and handle operational security and compliance topics (IAM, vulnerability management, alerting, incident response)
  • The team also plays a key role in addressing customer security requirements and maintaining GitGuardian’s trust standards
  • You work across both build (designing and automating security mechanisms) and run (handling security risks and operational security activities), in close collaboration with engineering teams
  • Automate and strengthen Identity and Access Management (IAM) in partnership with the IT team (Terraform, Okta)
  • Improve software supply chain security, as well as patch management and vulnerability management programs
  • Develop security observability capabilities (monitoring, SIEM, alerting)
  • Design and deploy security mechanisms for corporate IT environments (ZTNA, SWG, etc.)
  • Contribute to application security through architecture and code reviews, as well as security assessments of new features
  • Take part in operational security activities: vulnerability and alert handling, incident response, and remediation coordination
  • Contribute to SOC 2 compliance and handle customer security questionnaires

Key projects

  • Redesign of the identity and access management (IAM) system and migration to a cloud-based solution
  • Migration from VPN to Cloudflare Access
  • Improvements to monitoring and SIEM to reduce noise and strengthen alert detection
  • Strengthening vulnerability management and incident response processes
  • Ongoing SOC 2 compliance program and handling of customer security questionnaires

Technology stack

  • Application & Pipeline Security: GitLab CI (pipeline security gates, SAST/DAST integration), StackHawk (DAST), GitGuardian (secrets detection), YesWeHack (bug bounty)
  • Backend & Frontend: Python + Django, Rust, RabbitMQ, PostgreSQL, Redis
  • React / TypeScript
  • Infrastructure & DevSecOps: Docker, Kubernetes, Terraform, Helm, AWS, OVH, HashiCorp Vault (secrets management)
  • Security & Compliance: Panther SIEM, Cloudflare WAF, CrowdStrike (EDR/endpoint protection), Vanta (SOC 2 compliance automation)
  • Monitoring & Observability: Coralogix
  • Identity & Access: Okta (SSO, SCIM provisioning), Google Workspace
  • IT & Collaboration: Kandji, Landscape (device management), N8n (workflow automation), Notion, Slack, Linear
Company
GitGuardian
Publishing platform
WHATJOBS