At a Glance
- Tasks: Join a dynamic team to enhance application security and ensure compliance with industry standards.
- Company: Fast-growing fintech aiming to revolutionise financial operations for SMEs in Europe.
- Benefits: Enjoy 25 vacation days, competitive pay, remote work options, and access to fitness facilities.
- Other info: Diverse team culture with opportunities for professional growth and development.
- Why this job: Make a real impact on security while working with cutting-edge technology in a collaborative environment.
- Qualifications: Experience in offensive security assessments and programming languages like Ruby or Python.
The predicted salary is between 60000 - 80000 £ per year.
Our Vision We aim to become the most beloved financial operating system of French SMEs and accounting firms (and soon, European ones). We help entrepreneurs rid themselves of time‑consuming tasks related to accounting and finance while providing them with access to key financial information to assist in making the best decisions for their business.
About Us Pennylane is one of the fastest growing fintechs in France. In five years of existence, we have raised a total of €359 million and have grown to a team of more than 1,000 employees. We build an international environment with more than 25 nationalities and a strong remote‑friendly culture. We are recognized as one of the greatest places to work in France.
Team and Environment As we keep on growing, we are seeking an Application Security Engineer to join Louis's team of 5. You will handle all technical security matters, support ISO 27001 compliance, and advise employees—especially developers—on security best practices. The technical security team manages security issues from detection to resolution, collaborating with developers and Security Champions when needed.
Security by Design
- Engage with the Product Team to integrate security in our features from the beginning, from design to delivery.
- Ensure the security of the main Web application written in Ruby on Rails and ReactJS: its dependencies, code, infrastructure, and configuration.
- Conduct code reviews from a secure development point of view (about 80 releases per day).
- Detect vulnerabilities and propose associated patches.
- Raise the security level of our CI/CD configuration.
- With the DevOps team, secure our AWS infrastructure, including its Kubernetes environment (AWS EKS).
Vulnerability Management
- Conduct and perform regular security assessments (internally or through external consulting companies) on the applications (code reviews, pentests, bug bounty in particular) and the infrastructure.
- Strengthen the current means of detecting malicious attempts.
- Be involved in all security incidents, investigate logs, block attacks, and propose corrective measures to prevent future threats.
Compliance & Awareness
- Ensure compliance with ISO 27001 controls (processes) related to development (mandatory code practices, validation, patch management, vulnerability management, etc.) by training developers, monitoring projects, conducting regular internal audits, and managing technical non‑conformities.
- Build or improve secure development training materials and conduct regular training sessions with developers, engaging them in the Security Champions program.
- Improve the security awareness throughout the company.
- Contribute to tenders to explain our security policies and provide the necessary technical details.
Qualifications
- Ability to perform offensive security assessments on infrastructure and applications.
- Know how to exploit and fix a wide range of web vulnerabilities and be able to explain them to non‑technical persons (not just the OWASP Top 10).
- Experience in a programming language (Ruby, Python, JavaScript) for scripting or larger projects.
- Experience in cloud infrastructure security.
- Ability to popularize technical terms to facilitate the adoption of security measures within projects or to broadcast messages to peers.
- Fluent in French and/or English (both oral and written).
Soft Skills
- Humble.
- Team player; able to work with remote colleagues.
- Proactive and organized.
- Quick learner who enjoys working on different projects (application security, cloud infrastructure, training, ISO 27001).
Benefits
- 25 vacation days paid by Pennylane.
- Competitive compensation package.
- Company shares.
- Budget for a dedicated workspace and allowance to work from coworking spaces.
- Access to fitness spaces through partner Gymlib.
- Latest Apple equipment.
- Remote work allowed from any European country within two hours of CET, or based in France with a French contract following French regulation, including 6 to 12 RTT, 5 weeks PTO, lunch credits, health cover, and regular events in major cities.
Who Are We Looking For
- Speaks English (level assessed and appreciated).
- Thrives in a rapidly changing work environment.
- Highly collaborative within own team or other stakeholders.
- Experienced enough to prioritize business‑led actions on a day‑to‑day basis.
Equal Employment Opportunity
We are committed to providing an equal employment opportunity regardless of gender, sexual orientation, origin, disabilities, or any other traits that make you who you are. If anything, diversity makes us a more fun place to work at.
StudySmarter Expert Advice🤫
We think this is how you could land Senior Application Security Engineer
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Pennylane, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Pennylane
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Pennylane. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace Senior Application Security Engineer
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Pennylane insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Pennylane that you’re committed to staying ahead in the game.
How to prepare for a job interview at Pennylane
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Pennylane to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Pennylane.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.