Security Certification Engineer

Paris, France
Engineering – Donjon
CDI
Ledger has successfully managed an exhaustive product security certification program related to hardware wallets Nano S and Nano X which have been certified by the French Security Agency (ANSSI). The objective is to expand the scope of this certification program by putting in place the organisational security certification program related to the Vault B2B solution.

The two objectives linked to this Vault certification program are:
Improve current methodologies.
Obtain the organisational security certification.
Ledger is thus looking for a Security Certification Engineer inside the Security Team to contribute to this organisational security program.

Requirements and qualifications

    • Flexibility, adaptability, and willingness to learn new technologies to support business
    • Diploma in Cryptography, Computer Science, Engineering or similar relevant field
    • Experience in implementing and/or auditing one or several organisational security certification frameworks: SOC2 Type 1 and Type 2 (Ledger’s preference), ISO27001 / ISO27002, NIST 800-53.

    • Strong interaction with:
    • Infrastructure Team in charge of managing the Vault solution
    • Security Team performing in-depth security assessment
    • Development Team (software and firmware) designing and implementing the Vault solution
    • Consulting companies supporting Ledger for this certification program 

    • Fluent written and spoken English
    • Some knowledge in cryptography (Symmetric and Asymmetric cryptography)
    • Blockchain knowledge is a plus

Missions

    • Produce the set of documents (policies, processes, reports, records, guidelines,...)
    • Update the set of documents based on internal and external feedbacks
    • Ensure the security rules are properly followed
    • Offer some technical solutions so that the certification is not only easier to implement but also easier to maintain and follow
    • Prepare the file related to the organisational security certification audit
    • Support the third-party company during the security audit
    • Take into account remarks raised during the security audit
    • Develop a strong interaction with a set of stakeholders:
    • Infrastructure Team managing the Vault
    • Security Team performing in-depth security assessments
    • Development Team (both software and firmware) designing and implementing the Vault
    • Consulting companies supporting Ledger for this certification program