Application Security Engineer (W/M)

Paris 75017

ManoMano

ManoMano: all your DIY, renovation and gardening products at the best price

Launched in 2013, ManoMano is the European leader specialised in DIY, home improvement and gardening online. With more than 3600 seller partners and 10 million products, ManoMano brings together the largest offer of DIY & gardening products online across 6 countries: France, Belgium, Spain, Italy, Germany and the United Kingdom.
We are currently 800 Manas & Manos, including a quarter of international talents and 24 nationalities, working in our 4 offices (Paris x2, Bordeaux and Barcelona). People are at the heart of ManoMano’s culture, which is built around our 3 core values: boldness, ingenuity and care.
Joining us is a tremendous human and business adventure! We offer an ideal and (hyper)dynamic environment in which to apply your skills to innovative and concrete projects on a European scale. Take a look at our blog: https://medium.com/manomano-tech
Background & Missions
ManoMano, already positioned as the European leader in DIY, wants to offer the best online experience in DIY e-commerce. To that end, ManoMano is expanding an amazing security team and is looking for an Application Security Engineer.
In this role, you will help us build and mature application security practices and processes, with an automation-first mindset, across the SDLC (Software Development Life Cycle).
You will partner with the rest of the AppSec team to make it easier for engineers to deliver secure applications, to improve our application security posture and to reduce risk to our customers and company. As a member of the AppSec domain, you will also contribute to the development of our offensive security strategy by taking part in the various penetration tests, red team missions and ethical hacking.
Your missions
- Provide developers with the right tools to focus on the right threats. Implement and tune application security tools, such as SCA, SAST, DAST and RASP, with developer user experience in mind.
- Lead and support application security reviews and threat modeling, including code review, static code analysis and dynamic testing.
- Automate and integrate security processes and controls throughout our entire SDLC from IDEs to source control systems to CI/CD pipelines to production deployments
- Collaborate with DevOps, Software Engineering, and Product Management to continuously improve our application security strategies and priorities for protecting our customers, sellers and company
- Report and communicate security issues and topics to technical and non-technical audiences. We host conferences and workshops.
- Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s).
- Maintain a strong security culture: we create awareness and training programs. You maintain a high level of security culture in the company. Participate in the organization of Sthack.fr.
- Evangelize security with our engineers and be a key contact within the technical teams.
- Be involved in designing solutions and fixing vulnerabilities. As security referent, you will support operational and project teams in daily tasks and issues.
- Be the first line of response and remediation for security-related alerts/incidents.
- Develop an active defense: We develop and integrate security tools/solutions to automate and improve detection and remediation.
Your profile
- Bachelor’s degree in Computer Science, Engineering, Information Technology
- You have a strong understanding of common and uncommon web application vulnerabilities and mitigations.
- Hands-on experience implementing application security tools
- Knowledge of secure web application architecture patterns and common vulnerabilities (OWASP Top 10, CWE/SANS Top 25)
- Strong desire to learn, progress and innovate on intrusion techniques and offensive security
- Experience using container and container orchestration technology (Docker, Kubernetes)
- Experience with CI/CD tools
- Excellent ability to communicate (oral and written) to technical and non-technical audiences with a positive, collaborative, and enablement-focused attitude
- Curiosity and desire to challenge conventional approaches to solving problems
- Experience with scripting languages
- Language: French, English
- Demonstrated experience in capture the flag (CTF) events, bug hunting or vulnerability research (CVEs) is a plus.
What we offer at ManoMano
- Fast-growing start-up environment
- International (20+ nationalities) & agile company
- Sponsorship for external conferences
- Organisation of internal and external Meetups
- Crafternoons every Thursday afternoon (share your knowledge, learn from others)
- Swile card for lunch
- 60% company medical insurance
- 7 weeks of paid vacation
- Choose your days of remote work per week (full remote possible)
- Parenthood
- Amazing work environment in Paris 17th, Bordeaux & Barcelona
- Attractive salary (package)
- Mac, PC or Linux: it’s up to you!

We're actively seeking applications from candidates of all backgrounds.
If all the above rings a bell, it probably means that we are meant to meet each other! Please get in touch.
"So, come and plant the seeds of your success and gather the fruits of your labour"
The information collected on this form is recorded in a file used by ManoMano - Colibri SAS so that we can process your application. The data is kept for 2 years from the date of your application. You can access your data, rectify it, request its deletion or exercise your right to limit the processing of your data. You can also exercise your right to the portability of your data. Consult the cnil.fr website for more information on your rights. To exercise these rights or if you have any questions about the processing of your data under this scheme, you can contact our data protection officer by writing to dpo@manomano.com. If, after having contacted us, you feel that your "Data Protection" rights have not been respected, you may submit a complaint to the CNIL.

Job region(s): Europe