Application Security Engineer
PennylanePennylane est la plateforme tout-en-un de gestion financière et comptabilité des dirigeants d'entreprise et de leurs experts-comptables
Then Pennylane might be the right place for you — and you, might be the perfect fit for this role 🙂
We aim to become the most beloved financial Operating System of European SMEs.
We help business owners get rid of the time consuming hassle of handling accounting and finance, while giving them access to key information that they can use to make better decisions.
Meanwhile, we’re helping accountants. By using Pennylane, rather than doing manual and repetitive tasks, they can spend more time advising and guiding their clients.
Pennylane is one of the fastest growing Fintechs in France (and soon to be in Europe!)
In 4 years of existence, we’ve managed to :
💻 Make ourselves known as a groundbreaking accounting and financial software for small businesses and their accountants💰 Raise a total of €84 millions, including from Sequoia 🌲, the famous fund from the Silicon Valley who invested early in companies like Google, Facebook, Airbnb, Stripe, Paypal and much more...👨👩👧👦 Grow from 7 cofounders to 370+ happy Pennylaners : we’re now recognized as one of the greatest places to work in France (but also remotely), with a 5/5 rating on Glassdoor and an e-NPS of 94.🌍 Build an international environment with more than 26 nationalities, with a strong remote-friendly culture, where 30% of the employees are already working from all parts of Europe🤝 Earn the trust of thousands of customers and accounting firms and obtain outstanding ratings
WHY this position is of utmost importance to reach our mission
We are looking for an Application Security Engineer to join Louis and Romain in the technical security team. Reporting directly to Guillaume, our Head of Information Security, you will be responsible for all technical matters involving security issues. Working with the security compliance team, you may be required to provide technical support to the team in the definition and monitoring of long-term projects designed to strengthen the security of our assets in a sustainable manner. You will have a key role in advising, assisting, informing, training and alerting all employees (especially developers). You will also be responsible for the day-to-day management of technical operations in the context of ISO 27001 certification.
The technical security team is involved from the identification/detection of a security issue to its resolution (development and implementation of the security patches). If the needs or the complexity of the patch are too great, the security team can count on the support of the developers and in particular the Security Champions team to sustain the effort.
🎯 Your tasks
You will be required to work on :
- All technical security issues/projects while providing technical support on compliance needs
Let’s break it down ⏬
- Security by design within the projects by discussing with the teams to consider the security risks- To be proactive in the security projects to be carried out, to define and to prioritize them- Ensure the security of the main Web application in Ruby on Rails and React: its dependencies, its code, its infrastructure and its configuration- Security and maintaining the security condition of other applications and AWS infrastructure, including its Kubernetes environment (AWS EKS)- Conduct and perform regular security assessments (internally or by an external firm) on the applications (code reviews/pentests/bug bounty in particular) and the infrastructure - Ensure compliance with ISO 27001 controls (processes) related to development (mandatory code practices, validation, patch management, vulnerability management, etc.) by training developers, monitoring projects (tech, product), conducting regular internal audits and managing tech non-conformities- Conducting code reviews from a secure development point of view (about 80 releases per day, not all of which have security implications, but it is an important and recurring topic)- Build/Improve secure development training materials and conduct regular training sessions with the developers- Contribute to tenders to explain our security policies and provide the necessary technical detailsLearn about Rails and React to detect vulnerabilities during code reviews and implement associated patches- Strengthen the current means of detecting malicious attempts
These missions are not exhaustive and remain evolving.
🥇You’re the right candidate if
Bonus: if you have already developed in Ruby or React and/or if you have technical application security certifications. A multi-skilled profile will be preferred.
What do we do to make your work life easier ?
🏢 You’ll be able to work fully from your home or any co-working space in France, or from our wonderful office in the center of Paris💵 You’ll have a compensation package📈 You'll get company shares to enjoy a piece of the success story you're building with us🏝You’ll get between 8 to 13 additional days off (to the 25 standard ones) to rest and do what you love each year🍜 You’ll have lunch credits (Swile card) to buy your favorite food every day🏥 You’ll have a great healthcare cover (Alan Blue) to take care of yourself and your family🏡 You’ll have a budget to turn your home into a more comfortable workspace, as well as a monthly allowance to work from a coworking space whenever you feel like it⛹️Through our partner Gymlib, you’ll have access to 8000 fitness spaces in Europe and more than 300 activities related to wellness🇬🇧 You’ll have access to Busuu to perfect your english or your french💻 You’ll get the latest Apple equipment🎉 You’ll be part of a vibrant social community : we do lots of sports together (Foot, running, climbing...), we love to hang out and have a drink together (thursday afterwork drinks on our rooftop is a usual thing. Twice-a-year we do company seminars, last time we went on a trip to Centerparcs and it was fabulous !)
We're working on providing those last advantages to our people based outside of France as well, but it can be quite more complex depending on different countries.
What does the recruitment process look like ?
- You will first have a general chat with Thomas (Technical Recruiter) : 30 min - Then you’ll meet Louis and Romain - Application Security Engineers, a first introduction meeting where you’ll also discover the technical challenge (30min). You carry out independently the technical challenge for the next 48h. - Then, you’ll discuss about your solutions with Guillaume (Head of Information Security), Louis and Romain - (1h)- Finally, a last culture fit meeting with one of our co-founders (30min)
We make sure we move fast ; you can expect the recruitment process with us to last between 15 and 25 days in total.
Who are we looking for ?
You may have noticed that there was no section listing the skills or qualities required to apply for this specific job. Researches have shown that some people are less likely to apply than others, if they don’t feel like they meet the full list of criteria. So we have decided to take it down entirely.
We have tried to give you as much details as we could about the purpose, missions and environment of this role; it is now up to you to tell us if you think this is a position in which you could a) have fun and b) bring value to our company.If you’re hesitating, we encourage you to apply anyway: worst case scenario, you might lose a few minutes, and in the best case, it will be the start of a meaningful and long-lasting collaboration.
We also want to emphasise that we fully embrace diversity and that we’re doing our best to create a safe and inclusive environment. We are committed to providing an equal employment opportunity regardless of gender, sexual orientation, origin, disabilities, or any other traits that make you who you are. If anything, diversity makes us a more fun place to work at.To end with a humble illustration of our commitment, we’ve recently signed the Pacte Parité to set concrete goals in building a better and more inclusive workplace in the years to come.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Penetration Tester jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Senior Security Analyst jobs
- Open Cyber Security Architect jobs
- Open Cybersecurity Analyst jobs
- Open Security Operations Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Chief Information Security Officer jobs
- Open Security Specialist jobs
- Open Ingénieur DevSecops H/F jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Infosec Risk Manager jobs
- Open Agile-related jobs
- Open C-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Analytics-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open DevOps-related jobs
- Open Threat intelligence-related jobs
- Open Security Clearance-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open CI/CD-related jobs
- Open Forensics-related jobs
- Open Splunk-related jobs
- Open IDS-related jobs