Application Security Engineer

Start Date: As soon as possible

End Date: 31/12/2026

Languages Required: English, French

Responsibilities:

• Strengthen security across the software lifecycle and integrate vulnerability mitigations into a HA software environment.
• Collaborate with IT Development, Applications Team, and Infrastructure Team to integrate security into CI/CD pipelines.
• Perform application security reviews and remediate vulnerabilities at code or configuration level.
• Analyze vulnerabilities, fix issues in applications, and assist development teams in building secure software by design.
• Remediate application vulnerabilities (SAST/DAST/SCA findings) and implement tools to detect vulnerabilities.
• Conduct secure code reviews and architecture security assessments.
• Resolve vulnerability issues related to application code, libraries, and dependencies.
• Help reduce technical debt and improve application security maturity.
• Integrate security tooling into CI/CD pipelines (DevSecOps).
• Support development teams with secure coding practices.
• Participate in threat modeling and security design reviews.
• Cooperate with security engineers responsible for patch and vulnerability treatment at OS level.

Technical Environment:

• Modern CI/CD pipelines (GitLab, DevOps, Kubernetes/Docker)
• SAST / DAST / SCA tools (e.g., Qualys, Pentest reports)
• Enterprise application stacks (Java, JavaScript/Node.js, TypeScript, Angular, .NET, Python)
• Local DC environment
• OWASP Top 10 and secure coding frameworks

Qualifications:

• Strong software engineering background with the ability to read and modify production code.
• Experience in application security or secure software development.
• Solid understanding of OWASP Top 10 and common application vulnerabilities.
• Hands-on experience with vulnerability remediation at code and configuration level.
• Familiarity with CI/CD pipelines and DevSecOps practices.
• Ability to analyze scanner findings and distinguish real issues from false positives.
• Comfortable working with developers and security teams in a HA environment.

Desired Skills:

• Experience with threat modeling.
• Knowledge of cloud security.
• Exposure to vulnerability management processes.

Working Schedule:

• Full-time positions working on-premise.
• Once mutual confidence levels are established, a maximum of 2 days per week of remote working can be authorized.

Skills:

• CI/CD Security Integration
• Securing APIs and Middleware Interfaces
• Vulnerability Management and Remediation
• Modern Security Testing (SaaS/DAST/IAST)
• Security Testing (Hailstorm/PenTest)
• Angular, DevOps, Docker, GIT, Java, Kubernetes, Middleware, Spring Boot
• Systems Development Lifecycle