Application Security Engineer
Alan
About the role
Application Security Engineer – Health‑Tech (France)
Full‑time • Hybrid / Remote‑Friendly • French‑speaking environment
About the Company
We are a fast‑growing health‑technology firm based in France, dedicated to delivering secure, data‑driven solutions that improve patient outcomes and streamline clinical workflows. Our products are built on a “security‑by‑design” philosophy, and we empower our engineers to embed robust protection mechanisms from day one.
Role Overview
As an Application Security Engineer, you will be the technical guardian of our software portfolio. You’ll design, develop, and operate foundational security components, work closely with product and engineering teams, and champion secure coding practices across the organization.
Key Responsibilities
| Area | What You’ll Do |
|---|---|
| Security Architecture | Design and implement reusable security libraries, authentication/authorization frameworks, encryption services, and secure API gateways. |
| Secure Development | Conduct threat modeling, code reviews, and static/dynamic analysis for new features and existing services. |
| Automation & Tooling | Build CI/CD security pipelines (SAST, DAST, dependency scanning, secret detection) and integrate them into our DevOps workflow. |
| Incident Response | Lead root‑cause analysis of security incidents, produce remediation plans, and drive post‑mortem improvements. |
| Mentorship & Advocacy | Coach developers on secure coding, create security guidelines, and run brown‑bag sessions or workshops. |
| Compliance & Audits | Ensure alignment with GDPR, ISO 27001, and industry‑specific regulations (e.g., HIPAA‑EU equivalents). |
| Research & Innovation | Stay ahead of emerging threats, evaluate new security technologies, and prototype proof‑of‑concepts. |
Required Experience & Skills
| Must‑Have | Details |
|---|---|
| Full‑stack engineering | ≥ 3 years of hands‑on experience building web applications (frontend + backend) using languages such as Java, Python, Node.js, or Go. |
| Application security expertise | Proven track record implementing authentication (OAuth 2.0, OpenID Connect, SAML), authorization (RBAC/ABAC), encryption (TLS, JWT, PGP), and secure session management. |
| Security tooling | Proficiency with SAST/DAST tools (e.g., SonarQube, Checkmarx, OWASP ZAP), container security (Trivy, Aqua), and secret‑management solutions (Vault, AWS Secrets Manager). |
| DevSecOps mindset | Experience embedding security checks into CI/CD pipelines (GitLab CI, GitHub Actions, Jenkins). |
| Threat modeling & code review | Ability to conduct STRIDE/PASTA analyses and provide actionable feedback to developers. |
| Communication | Strong written and spoken French and English; comfortable presenting technical concepts to non‑technical stakeholders. |
| Team player | Collaborative attitude, eager to mentor and share knowledge across cross‑functional teams. |
Nice‑to‑Have
- Certifications: OSCP, CISSP, CEH, or similar.
- Experience with cloud platforms (AWS, Azure, GCP) and IaC security (Terraform, CloudFormation).
- Familiarity with healthcare standards (HL7, FHIR) and related privacy requirements.
What We Offer
| Benefit | Description |
|---|---|
| Competitive salary | Market‑aligned base plus performance bonus. |
| Flexible remote work | Up to 3 days/week remote; office in Paris (or other French hub) for on‑site collaboration. |
| Professional development | Budget for certifications, conferences, and training. |
| Health & wellness | Comprehensive health insurance, mental‑wellness program, and gym reimbursement. |
| Generous PTO | 30 days paid vacation + public holidays. |
| Equity participation | Stock options for long‑term alignment. |
| Inclusive culture | Diverse, supportive environment with regular tech talks, hackathons, and team‑building events. |
How to Apply
- Prepare your CV – Highlight relevant security projects, technologies used, and any certifications.
- Write a brief cover letter – Explain why you’re passionate about securing health‑tech applications and how your experience aligns with the role.
- Submit – Send both documents to recruitment@yourcompany.fr with the subject line: “Application Security Engineer – J-18808-Ljbffr”.
We review applications on a rolling basis. Early submissions are encouraged!
Join us and help shape the future of secure, patient‑centric digital health.