Application Security Engineer (W/M)
Paris 75017
Applications have closed
ManoMano
ManoMano: all your DIY, renovation and gardening products at the best price.
We are currently 800 Manas & Manos, including a quarter of international talents and 24 nationalities, working in our 4 offices (Paris x2, Bordeaux and Barcelona). People are at the heart of ManoMano’s culture, built around our 3 core values: boldness, ingenuity and care.
Joining us is a tremendous human and business adventure! We offer an ideal and (hyper)dynamic environment to put your skills to work on innovative and concrete projects on a European scale. Take a look at our blog: https://medium.com/manomano-tech
Background & Missions
ManoMano, already positioned as the European leader in DIY, wants to offer the best online experience in DIY ecommerce. For this, ManoMano is expanding an amazing security team, and is looking for an Application Security Engineer.
In this role, you will help us build and mature application security practices and processes, with an automation-first mindset, across the SDLC (Software Development Life Cycle).
You will partner with the rest of the AppSec team to make it easier for engineers to deliver secure applications, to improve our application security posture and to reduce risk to our customers and company. As a member of the AppSec domain, you will also participate in the development of our offensive security strategy by participating in the various penetration tests, red team missions and ethical hacking.
Your missions
- Provide developers with the right tools to focus on the right threats. Implement and tune application security tools, such as SCA, SAST, DAST and RASP, with developer user experience in mind.
- Lead and support application security reviews and threat modeling, including code review, static code analysis and dynamic testing.
- Automate and integrate security processes and controls throughout our entire SDLC from IDEs to source control systems to CI/CD pipelines to production deployments
- Collaborate with DevOps, Software Engineering, and Product Management to continuously improve our application security strategies and priorities for protecting our customers, sellers and company
- Report and communicate security issues and topics to technical and non-technical audiences. We run conferences and workshops.
- Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s).
- Maintain a strong security culture: we create awareness and training programs, and you maintain a high security culture in the company. Participate in the organization of Sthack.fr.
- Evangelize security with our engineers and be a key contact within the technical teams.
- Be involved in designing solutions and fixing vulnerabilities. As security referent, you will support operational and project teams in daily tasks and issues.
- Be the first response and remediation for security-related alerts/incidents.
- Develop an active defense: We develop and integrate security tools/solutions to automate and improve detection and remediation.
Your profile
- Bachelor’s degree in Computer Science, Engineering, Information Technology
- You have a strong understanding of common and uncommon web application vulnerabilities and mitigations.
- Hands-on experience implementing application security tools
- Knowledge of secure web application architecture patterns and common vulnerabilities (OWASP Top 10, CWE/SANS Top 25)
- Strong desire to learn, progress and innovate on intrusion techniques and offensive security
- Experience using container and container orchestration technology (Docker, Kubernetes)
- Experience with CI/CD tools
- Excellent ability to communicate (oral and written) to technical and non-technical audiences with a positive, collaborative, and enablement-focused attitude
- Curiosity and desire to challenge conventional approaches to solving problems
- Experience with scripting languages
- Language: French, English
- Demonstrated experience in capture the flag (CTF) events, bug hunting or vulnerability research (CVEs) is a plus.
What we offer at ManoMano
- Fast-growing start-up environment
- International (20+ nationalities) & agile company
- Sponsorship for external conferences
- Organisation of internal and external Meetups
- Crafternoons every Thursday afternoon (share your knowledge, learn from others)
- Swile card for lunch
- 60% company medical insurance
- 7 weeks of paid vacation
- Choose your days of remote work per week (full remote possible)
- Parenthood
- Amazing work environment in Paris 17th, Bordeaux & Barcelona
- Attractive salary (package)
- Mac, PC or Linux: it’s up to you!
We're actively seeking applications from candidates of all backgrounds.
If all the above rings a bell, it probably means that we are meant to meet each other! Please get in touch.
« So, come and plant the seeds of your success and gather the fruits of your labour »
Tags: Agile Application security Automation CI/CD Code analysis Computer Science DAST DevOps Docker E-commerce Ecommerce Ethical hacking Kubernetes Linux Offensive security OWASP Red team SANS SAST Scripting SDLC Security strategy Strategy Vulnerabilities
Perks/benefits: Conferences Startup environment Team events