Chargement en cours

Application Security Engineer

PARIS, 75
il y a 1 jour

Joining Qare means embarking on a human and technological adventure where every day counts towards improving the lives of millions of people. Whether you’re passionate about tech, healthcare, or innovation, you’ll find a playing field here that matches your ambitions!

About The Role

You will own security across the software development lifecycle, embedding automated security testing into CI/CD pipelines and enabling development teams to ship secure code quickly. This role works closely with UK and France engineering teams.

DevSecOps & Pipeline Security

  • Implement and maintain security testing in GitLab CI pipelines
  • Configure and tune SAST, DAST, dependency scanning, and secrets detection
  • Build automated security gates that balance rigour with delivery velocity
  • Enable self‑serve security tooling for development teams
  • Contribute code and patches to security tooling and configurations

Secure Development

  • Define and enforce secure coding standards
  • Conduct security‑focused code reviews and threat modelling for new features
  • Provide remediation guidance for application vulnerabilities
  • Train and support developers on secure coding practices

Vulnerability Management

  • Triage, patch and track application vulnerabilities through to remediation
  • Manage dependency vulnerabilities and upgrade cycles
  • Report on application security posture to senior leadership

Risk & Compliance

  • Embed GDPR and healthcare regulatory requirements into development processes
  • Support DCB0129 clinical safety compliance for software changes
  • Support customer security due diligence and audits
  • Support ISO27001:2022 ISMS controls and audit process

Essential

Key Skills and Experience

  • 3+ years in application security, DevSecOps, and secure software development
  • Hands‑on experience with CI/CD security integration (GitLab CI or similar)
  • Familiarity with SAST/DAST tooling and dependency scanning
  • Understanding of common vulnerabilities (OWASP Top 10) and remediation
  • Previous experience working as a back end or full stack developer
  • Knowledge of GDPR and data protection legislation
  • Strong communicator; able to translate security requirements for developers

Desirable

  • Development background with security focus
  • Familiarity with SIEM platforms (Snowbit, Splunk, Sentinel)
  • Experience with CSPM tooling (Wiz, Prisma Cloud, or similar)
  • Penetration testing or bug bounty experience
  • Experience in regulated environments (healthcare, financial services)
  • Familiarity with threat modelling frameworks (STRIDE, PASTA)

What We Offer

  • A full induction training programme, which will be undertaken via Microsoft Teams.
  • An opportunity to work as part of an experienced team who are passionate in their field, supportive, diverse and dynamic.
  • Internal actions put in place to preserve the mental and physical health of employees.
  • A balance between professional and private life.
  • A hybrid working arrangement: the possibility of working remotely up to three days a week in a flexible manner.
  • An eco‑friendly workspace where it’s pleasant to work.
#J-18808-Ljbffr
Entreprise
Qare.fr
Plateforme de publication
WHATJOBS
Offres pouvant vous intéresser
PARIS, 75
il y a 1 jour
PARIS, 75
il y a 18 jours
ÉCHIROLLES, 38
il y a 13 jours
OFFRE D’EMPLOI
il y a 13 jours
Soyez le premier à postuler aux nouvelles offres
Soyez le premier à postuler aux nouvelles offres
Créez gratuitement et simplement une alerte pour être averti de l’ajout de nouvelles offres correspondant à vos attentes.
* Champs obligatoires
Ex: boulanger, comptable ou infirmière
Alerte crée avec succès