Application Security Engineer
PARIS, 75
il y a 1 jour
Joining Qare means embarking on a human and technological adventure where every day counts towards improving the lives of millions of people. Whether you’re passionate about tech, healthcare, or innovation, you’ll find a playing field here that matches your ambitions!
About The Role
You will own security across the software development lifecycle, embedding automated security testing into CI/CD pipelines and enabling development teams to ship secure code quickly. This role works closely with UK and France engineering teams.
DevSecOps & Pipeline Security
- Implement and maintain security testing in GitLab CI pipelines
- Configure and tune SAST, DAST, dependency scanning, and secrets detection
- Build automated security gates that balance rigour with delivery velocity
- Enable self‑serve security tooling for development teams
- Contribute code and patches to security tooling and configurations
Secure Development
- Define and enforce secure coding standards
- Conduct security‑focused code reviews and threat modelling for new features
- Provide remediation guidance for application vulnerabilities
- Train and support developers on secure coding practices
Vulnerability Management
- Triage, patch and track application vulnerabilities through to remediation
- Manage dependency vulnerabilities and upgrade cycles
- Report on application security posture to senior leadership
Risk & Compliance
- Embed GDPR and healthcare regulatory requirements into development processes
- Support DCB0129 clinical safety compliance for software changes
- Support customer security due diligence and audits
- Support ISO27001:2022 ISMS controls and audit process
Essential
Key Skills and Experience
- 3+ years in application security, DevSecOps, and secure software development
- Hands‑on experience with CI/CD security integration (GitLab CI or similar)
- Familiarity with SAST/DAST tooling and dependency scanning
- Understanding of common vulnerabilities (OWASP Top 10) and remediation
- Previous experience working as a back end or full stack developer
- Knowledge of GDPR and data protection legislation
- Strong communicator; able to translate security requirements for developers
Desirable
- Development background with security focus
- Familiarity with SIEM platforms (Snowbit, Splunk, Sentinel)
- Experience with CSPM tooling (Wiz, Prisma Cloud, or similar)
- Penetration testing or bug bounty experience
- Experience in regulated environments (healthcare, financial services)
- Familiarity with threat modelling frameworks (STRIDE, PASTA)
What We Offer
- A full induction training programme, which will be undertaken via Microsoft Teams.
- An opportunity to work as part of an experienced team who are passionate in their field, supportive, diverse and dynamic.
- Internal actions put in place to preserve the mental and physical health of employees.
- A balance between professional and private life.
- A hybrid working arrangement: the possibility of working remotely up to three days a week in a flexible manner.
- An eco‑friendly workspace where it’s pleasant to work.
Entreprise
Qare.fr
Plateforme de publication
WHATJOBS
Offres pouvant vous intéresser
PARIS, 75
il y a 1 jour
PARIS, 75
il y a 18 jours
ÉCHIROLLES, 38
il y a 13 jours
OFFRE D’EMPLOI
il y a 13 jours