⚠️ During the coronavirus crisis Doctolib continues to work, operating fully remote as we are building new products that help doctors in France and Germany. We continue to recruit and grow the team; all of our recruiting and onboarding has now been adapted to remote too.
Are you ready to protect the security and privacy of our patients to ensure the best user experience of the top European healthcare product used and loved by millions of patients and doctors? If so, we are looking for a skilled, passionate Application Security Engineer who loves to reveal potential security issues, fix them, and communicate about them, along with crafting solutions to rule out those weaknesses.
We are responsible for keeping millions of users' health records safe and private; that's why we want to build the best team in order to maintain a state-of-the-art, healthcare-compliant information system and product.
The Senior Application Security Engineer will work among a team of 20 passionate security engineers, hands-on and eager to share their knowledge. The Senior Application Security Engineer will join the Product Security team that works closely with the Platform Security team and our GRC team.
Examples of our current challenges :
Accelerate our Shift-Left and Product-oriented security posture
Support development teams in hardening the software architecture and code
Foster and support End-to-End Encryption on our Software Product
Keep the bar among standards
What you will do :
Help our Product Owners to ship ‘secure by design’ features
Perform application-focused, offensive security assessments of Doctolib's existing and upcoming features and products
Enforce smart CI/CD security tooling (SAST, dependencies checker)
Identify vulnerabilities in the source code and design of our products
Fix vulnerabilities or support development teams in fixing them
Maintain and contribute to Doctolib’s Secure Development Lifecycle
Contribute to Doctolib’s security at-scale by default
Raise awareness of our developers to security best practices
Contribute to our Red Team / Blue Team organization
Write public articles about our security practices and participate in conferences with peers.
Your profile :
Hard skills :
You are passionate about application security and development !
Security assessments of web applications hold no secrets for you !
You have a strong understanding of common and uncommon web application vulnerabilities and mitigations (OWASP Top10)
You are experienced in a common programming language (Ruby, Python, JavaScript, ...). You have worked as a developer in some capacity.
You are familiar with, or eager to learn about, security vulnerabilities specific to Ruby on Rails
You have a good understanding of security in distributed systems at scale
You speak English and French fluently
Soft Skills :
You are able to collaborate with all people working in the company (tech & non-tech)
You have proven communication skills
You are autonomous, pragmatic & have good structuring skills
You proactively contribute to Doctolib’s security
Your day to day tools :
Burp
Jira & Confluence & Asana
IDE (RubyMine / VSCode) + Github
ElasticSearch / NewRelic
The interview process :
30min phone screen with a Tech Recruiter
1h technical interview
Take home test with restitution
More about the position :
Permanent Position
Full time
Location: Levallois-Perret / Hybrid / Full-Remote
Start Date : ASAP