Application Security Manager
Overview
Pluxee is a global player in employee benefits and engagement that operates in 31 countries. Pluxee helps companies attract, engage, and retain talent thanks to a broad range of solutions across Meal & Food, Wellbeing, Lifestyle, Reward & Recognition, and Public Benefits.
Powered by leading technology and more than 5,000 engaged team members, Pluxee acts as a trusted partner within a highly interconnected B2B2C ecosystem made up of more than 500,000 clients, 36 million consumers and 1.7 million merchants.
Conducting its business as a trusted partner for more than 45 years, Pluxee is committed to creating a positive impact on all its stakeholders, from driving business to local communities, to supporting wellbeing at work for employees while protecting the planet.
Role and Responsibilities
- Security of projects and cross-functional support
- Participate in strategic exchanges and roadmaps to incorporate security challenges from early development phases.
- Adapt security requirements to align with Group and local product strategies.
- Monitor IT project delivery and ensure security is integrated at all stages.
- Perform technical and application architecture reviews with a security lens.
- Contribute to project risk analyses (EBIOS, ISO 27005).
- Maintain and document security recommendations, requirements and references for projects (cloud, on-prem, API, microservices, etc.).
- Raise awareness among project stakeholders (product, IT, business) of security issues.
- DevSecOps & secure development
- Integrate security requirements into the software development lifecycle (Secure SDLC).
- Support product and development teams in threat modeling.
- Define and implement automated security controls in CI/CD pipelines (GitLab, GitHub Actions, Azure DevOps, Jenkins).
- Configure and maintain security tools: SAST/DAST, SCA, Secrets detection.
- Set acceptability thresholds, blocking rules and manage false positives with developers.
- Ensure adherence to internal norms and standards (OWASP ASVS, ISO 27034…) and group requirements.
- Suggest improvements to vulnerability management processes in application projects.
- Vulnerability analysis, tracking, management and incident response
- Define processes for detection, qualification and remediation of vulnerabilities.
- Collaborate with Product Owners and development teams to plan and prioritize fixes in sprints.
- Create and maintain security dashboards for the IT department and project teams.
- Assist with security investigations in applications for incident handling.
- Documentation, awareness and security culture
- Write secure coding guides tailored to internal languages and environments.
- Produce internal references (coding guidelines, security checklists, etc.).
- Lead training sessions and practical workshops (secure coding, code review security, DevSecOps practices).
- Support the establishment of a strong security culture with awareness campaigns and internal challenges (CTF, bug bounty, etc.).
- Governance, monitoring and continuous improvement
- Maintain regulatory vigilance (DORA, NIS2, RGPD…) and cybersecurity trends.
- Participate in internal/ external audits and incident management related to application security.
- Monitor technological evolutions and emerging threats (SBOM, GitOps security, shift-left testing, etc.).
- Propose, test and promote new tools and practices to strengthen the organization’s DevSecOps maturity.
Qualifications
- Experience of 5+ years in application security or DevSecOps, ideally in a hybrid cloud/on-prem environment.
- Bachelor’s or Master’s in cybersecurity, computer science or software development with a security specialization.
- Languages: French and English (proficient).
- Strong knowledge of secure development principles (OWASP Top 10, ASVS, Secure SDLC, threat modeling).
- Deep understanding of CI/CD security tools: SAST, DAST, SCA, secret detection.
- Proficiency with CI/CD environments (GitLab CI, GitHub Actions, Jenkins, etc.).
- Familiarity with modern architectures: API, microservices, containers, public cloud (Azure, AWS).
- Experience with security standards and internal references (ISO 27034, CIS Benchmarks, etc.).
- Autonomy, rigor, organizational skills, analytical mindset and problem-solving ability.
- Ability to explain security concepts clearly and to facilitate meetings.
- Service orientation and ability to work in agile and product-driven project cycles.
- Experience coordinating cross-functional security topics.
- Ability to manage multiple projects simultaneously with clear prioritization and reporting.
Location
Paris 9
Team
Security of Information Systems Team
#J-18808-Ljbffr