This position is no longer available.

Senior Product and Application Security Engineer (x/f/m)

Permanent contract
Levallois-Perret
Salary: Not specified
No remote work

Doctolib


The position

Job description

⚠️ During the coronavirus crisis Doctolib continues to work, operating fully remote as we are building new products that help doctors in France and Germany. We continue to recruit and grow the team; all of our recruiting and onboarding has now been adapted to remote too.

Are you ready to protect the security and privacy of our patients to ensure the best user experience of the top European healthcare product used and loved by millions of patients and doctors? If so, we are looking for a skilled, passionate Application Security Engineer who loves to reveal potential security issues, fix them and communicate about them, along with crafting solutions to rule out those weaknesses.

We are responsible for keeping millions of users' health records safe and private; that's why we want to build the best team in order to maintain a state-of-the-art, healthcare-compliant information system and product.

The Senior Application Security Engineer will work among a team of 20 passionate security engineers, hands-on and eager to share their knowledge. The Senior Application Security Engineer will join the Product Security team that works closely with the Platform Security team and our GRC team.

Examples of our current challenges :

  • Accelerate our Shift-Left and Product oriented security posture

  • Support development teams in hardening the software architecture and code

  • Foster and support End-to-End Encryption on our Software Product

  • Keep the bar among standards

What you will do :

  • Help our Product Owners to ship ‘secure by design’ features

  • Perform application-focused, offensive security assessments of existing and upcoming Doctolib features and products

  • Enforce smart CI/CD security tooling (SAST, dependencies checker)

  • Identify vulnerabilities in the source code and design of our products

  • Fix vulnerabilities or support the development team in fixing them

  • Maintain and contribute to Doctolib’s Secure Development Lifecycle

  • Contribute to Doctolib’s security at-scale by default

  • Raise our developers' awareness of security best practices

  • Contribute to our Red Team / Blue Team organization

  • Write public articles about our security practices and participate in conferences with peers.

Your profile :

Hard skills :

  • You are passionate about application security and development !

  • Security assessments of web applications hold no secrets for you !

  • You have a strong understanding of common and uncommon web application vulnerabilities and mitigations (OWASP Top10)

  • You are experienced in a common programming language (Ruby, Python, JavaScript, ...). You have been a developer in some capacity.

  • You are familiar with, or eager to learn about, security vulnerabilities specific to Ruby on Rails

  • You have a good understanding of security in distributed systems at scale

  • You speak English and French fluently

Soft Skills :

  • You are able to collaborate with all people working in the company (tech & non-tech)

  • You have proven communication skills

  • You are autonomous, pragmatic & have good structuring skills

  • You proactively contribute to Doctolib’s security

Your day to day tools :

  • Burp

  • Jira & Confluence & Asana

  • IDE (RubyMine / VSCode) + Github

  • ElasticSearch / NewRelic

The interview process :

  • 30min phone screen with a Tech Recruiter

  • 1h technical interview

  • Take-home test followed by a debrief

More about the position :

  • Permanent Position

  • Full time

  • Location: Levallois-Perret / Hybrid / Full-Remote

  • Start Date : ASAP
