Are you looking to have an impact on the daily life of millions of entrepreneurs in France (and tomorrow in Europe)?
Are you looking for a work environment that values trust, proactivity, and autonomy?
Are our Engineering principles aligned with your vision?
Then Pennylane is the right place for you!
Our vision
We aim to become the most beloved financial Operating System of French SMEs (and soon, European ones).
We help entrepreneurs rid themselves of time-consuming tasks related to accounting and finance while providing them with access to key financial information to assist in making the best decisions for their business.
About us
Pennylane is one of the fastest growing Fintechs in France (and soon to be in Europe!)
In 4 years of existence, we’ve managed to:
💻 Make ourselves known as a groundbreaking accounting and financial software for small businesses and their accountants
💰 Raise a total of €150 million, including from Sequoia, the famous Silicon Valley fund that invested early in companies like Google, Facebook, Airbnb, Stripe, PayPal and many more...
👨👩👧👦 Grow from 7 cofounders to 550+ happy Pennylaners: we’re now recognized as one of the greatest places to work in France (and also remotely), with a 4.6/5 rating on Glassdoor.
🌍 Build an international environment with more than 25 nationalities, with a strong remote-friendly culture, where 30% of the employees are already working from all parts of Europe
🤝 Earn the trust of thousands of customers and accounting firms and obtain outstanding ratings
🚀 Already more than 350,000 small and medium-sized enterprises (SMEs) and over 4,500 accounting firms use Pennylane in France!
WHY this position is of utmost importance to reach our mission
We are looking for an Application Security Engineer to join Romain and Sylvain within the security technical team, managed by Louis. Under the direction of Guillaume, our Head of Information and Security, the team handles all technical topics related to security.
In collaboration with the compliance team, you will provide your technical expertise in defining and overseeing key projects aimed at sustainably enhancing the security of our assets. You will play a key role in advising, training, and being the security reference for all employees — especially developers.
The daily management of technical operations related to ISO 27001 certification will also be part of your responsibilities.
The security technical team is involved from identifying and detecting security issues to resolving them, including the development and implementation of patches. When needs are significant or patches are complex, the security team collaborates with developers, especially Security Champions, to strengthen the effectiveness of interactions.
🎯 Your tasks
You will be primarily involved in the following:
- All technical security topics while providing technical support for compliance needs.
Let's break it down:
- Participate in the internal Security By Design process: assess the security impact of new features from their design stage and ensure the integration of the right security mechanisms until deployment;
- Ensure the security of the main Web application in Ruby on Rails and React: covering its dependencies, code, infrastructure, and configuration;
- Maintain the security and ongoing security compliance of other applications and the AWS infrastructure, particularly its Kubernetes environment (AWS EKS);
- Conduct regular audits (internal or by an external firm) on applications (code reviews/pentests/bug bounty programs) and infrastructure;
- Ensure compliance with ISO 27001 controls (processes) related to development (mandatory coding practices, validation, updates, vulnerability management, etc.) through developer training, project monitoring (tech, product), regular internal audits, and management of tech non-conformities;
- Perform code reviews from a security perspective for developers (about 80 production releases per day, not all of which have security implications, but it's an important and recurring aspect);
- Build/Improve training materials for secure development and lead regular training sessions for developers;
- Strengthen our detection and response capabilities for security incidents by proposing appropriate solutions against threats, whether they are technical or fraud-related;
- Contribute to bids and proposals to explain our security policies and provide the necessary technical details.
These tasks are not exhaustive and are subject to change.
🥇You’re the right candidate if
You have an experienced/senior profile in application security (defensive or offensive), learn quickly, and have a broad interest in all things related to security. We work on a wide range of security topics (application, Cloud infrastructure, security by design, training, ISO 27001, etc.).
Working in an English-speaking environment doesn’t scare you. You don’t need to be bilingual, but you must be able to communicate clearly both orally and in writing, and understand what is being said. If you need support with this, we’ll immediately provide you with a Busuu subscription to improve your English.
Ideally, you possess the following qualities, skills, and experience:
- Able to conduct offensive security audits on an infrastructure or application;
- You are proficient in exploiting and fixing most Web vulnerabilities (not just the OWASP Top 10);
- You have experience with a programming language (Ruby, Python, JavaScript), whether for writing “quick and dirty” scripts to exploit a vulnerability or as part of larger projects;
- You have experience with Cloud infrastructure security;
- You can simplify technical language to help integrate security measures into projects or to communicate messages to all Pennylaners;
- You are autonomous, proactive, and organized;
- Working with remote colleagues is not a problem for you.
Bonus: If you have experience developing in Ruby or React and/or hold certifications in application security. A versatile profile will be preferred.
What does the recruitment process look like?
- You will first have a general chat with Maxime (Technical Recruiter): 30 min
- Next, you will meet your future team — Louis and Romain/Sylvain — for a first discussion to quickly go over and explore the technical challenge (30 minutes).
- You will then complete the technical challenge on your own within 48 hours. After submitting your work, you will discuss the exercise with Louis, Romain, and Sylvain (1 hour).
- Then, you will meet Guillaume, our Head of Information and Security (40 minutes).
- Finally, you will have a last "culture fit" interview with one of our co-founders (30 minutes).
We make sure we move fast; you can expect the recruitment process with us to last between 15 and 25 days in total.
Encouraging diversity in all its forms, Pennylane strives to offer an inclusive, caring and fulfilling work environment in our offices and remotely. We provide equal opportunities and consideration regardless of background, origin, gender, religion, sexual orientation or handicap.
What do we do to make your work life easier
🏢 You'll be able to work remotely from your country of residence, as long as it is in Europe and within a maximum time difference of two hours from the CET time zone
🌴 Wherever you are based, you will get 25 vacation days paid by Pennylane
💵 You’ll have a competitive compensation package
📈 You'll get company shares to enjoy a piece of the success story you're building with us
🏡 You’ll have a budget to turn your home into a more comfortable workspace, as well as a monthly allowance to work from a coworking space whenever you feel like it
⛹️ Through our partner Gymlib, you’ll have access to 8000 fitness spaces in Europe and more than 300 activities related to wellness
🇬🇧 You’ll have access to Busuu to perfect your English or your French
💻 You’ll get the latest Apple equipment
🎉 We are committed to regularly coming together for company events such as Tech Days (which bring remote Pennylaners together every 3 months) or our annual company seminar, fostering significant moments of cohesion for everyone.
If you are based in France, you will have a French contract following French regulation on top of the additional perks: 6 to 12 RTT, 5 weeks of PTO, lunch credits (Swile), Alan Blue healthcare cover and regular events in cities where Pennylaners are mostly present (Lyon, Bordeaux, Nantes…)
We're working on providing those last advantages to our people based outside of France as well, but it can be much more complex depending on the country.
Who are we looking for?
To thrive at Pennylane, you need:
- To speak English (level is assessed and appreciated according to the department you’re applying to)
- To be energized by an ever-shifting work environment
- To be highly collaborative (within your team or other stakeholders)
- To be sufficiently experienced to prioritize business-led actions in your day-to-day activity
We know that some people are less likely to apply than others, if they don’t feel like they meet the full list of criteria.
If you’re hesitating, we encourage you to apply: who knows, it might be the start of a meaningful and long-lasting collaboration.
We also want to emphasize that we fully embrace diversity, equity and inclusion and that we’re doing our best to create a safe and inclusive environment.
We are committed to providing an equal employment opportunity regardless of gender, sexual orientation, origin, disabilities, or any other traits that make you who you are. If anything, diversity makes us a more fun place to work at.