Chargement en cours

Application Security Manager

PARIS, 75
il y a 16 heures

Overview

Pluxee is a global player in employee benefits and engagement that operates in 31 countries. Pluxee helps companies attract, engage, and retain talent thanks to a broad range of solutions across Meal & Food, Wellbeing, Lifestyle, Reward & Recognition, and Public Benefits.

Powered by leading technology and more than 5,000 engaged team members, Pluxee acts as a trusted partner within a highly interconnected B2B2C ecosystem made up of more than 500,000 clients, 36 million consumers and 1.7 million merchants.

Conducting its business as a trusted partner for more than 45 years, Pluxee is committed to creating a positive impact on all its stakeholders, from driving business to local communities, to supporting wellbeing at work for employees while protecting the planet.

Role and Responsibilities

  • Security of projects and cross-functional support
  • Participate in strategic exchanges and roadmaps to incorporate security challenges from early development phases.
  • Adapt security requirements to align with Group and local product strategies.
  • Monitor IT project delivery and ensure security is integrated at all stages.
  • Perform technical and application architecture reviews with a security lens.
  • Contribute to project risk analyses (EBIOS, ISO 27005).
  • Maintain and document security recommendations, requirements and references for projects (cloud, on-prem, API, microservices, etc.).
  • Raise awareness among project stakeholders (product, IT, business) of security issues.
  • DevSecOps & secure development
  • Integrate security requirements into the software development lifecycle (Secure SDLC).
  • Support product and development teams in threat modeling.
  • Define and implement automated security controls in CI/CD pipelines (GitLab, GitHub Actions, Azure DevOps, Jenkins).
  • Configure and maintain security tools: SAST/DAST, SCA, Secrets detection.
  • Set acceptability thresholds, blocking rules and manage false positives with developers.
  • Ensure adherence to internal norms and standards (OWASP ASVS, ISO 27034…) and group requirements.
  • Suggest improvements to vulnerability management processes in application projects.
  • Vulnerability analysis, tracking, management and incident response
  • Define processes for detection, qualification and remediation of vulnerabilities.
  • Collaborate with Product Owners and development teams to plan and prioritize fixes in sprints.
  • Create and maintain security dashboards for the IT department and project teams.
  • Assist with security investigations in applications for incident handling.
  • Documentation, awareness and security culture
  • Write secure coding guides tailored to internal languages and environments.
  • Produce internal references (coding guidelines, security checklists, etc.).
  • Lead training sessions and practical workshops (secure coding, code review security, DevSecOps practices).
  • Support the establishment of a strong security culture with awareness campaigns and internal challenges (CTF, bug bounty, etc.).
  • Governance, monitoring and continuous improvement
  • Maintain regulatory vigilance (DORA, NIS2, RGPD…) and cybersecurity trends.
  • Participate in internal/ external audits and incident management related to application security.
  • Monitor technological evolutions and emerging threats (SBOM, GitOps security, shift-left testing, etc.).
  • Propose, test and promote new tools and practices to strengthen the organization’s DevSecOps maturity.

Qualifications

  • Experience of 5+ years in application security or DevSecOps, ideally in a hybrid cloud/on-prem environment.
  • Bachelor’s or Master’s in cybersecurity, computer science or software development with a security specialization.
  • Languages: French and English (proficient).
  • Strong knowledge of secure development principles (OWASP Top 10, ASVS, Secure SDLC, threat modeling).
  • Deep understanding of CI/CD security tools: SAST, DAST, SCA, secret detection.
  • Proficiency with CI/CD environments (GitLab CI, GitHub Actions, Jenkins, etc.).
  • Familiarity with modern architectures: API, microservices, containers, public cloud (Azure, AWS).
  • Experience with security standards and internal references (ISO 27034, CIS Benchmarks, etc.).
  • Autonomy, rigor, organizational skills, analytical mindset and problem-solving ability.
  • Ability to explain security concepts clearly and to facilitate meetings.
  • Service orientation and ability to work in agile and product-driven project cycles.
  • Experience coordinating cross-functional security topics.
  • Ability to manage multiple projects simultaneously with clear prioritization and reporting.

Location

Paris 9

Team

Security of Information Systems Team

#J-18808-Ljbffr
Entreprise
Dormont Manufacturing Co
Plateforme de publication
WHATJOBS
Offres pouvant vous intéresser
FRANCE
il y a 18 jours
PARIS, 75
il y a 19 jours
RENNES, 35
il y a 25 jours
PARIS, 75
il y a 18 jours
Soyez le premier à postuler aux nouvelles offres
Soyez le premier à postuler aux nouvelles offres
Créez gratuitement et simplement une alerte pour être averti de l’ajout de nouvelles offres correspondant à vos attentes.
* Champs obligatoires
Ex: boulanger, comptable ou infirmière
Alerte crée avec succès