Application Security Engineer EMEA (F/M/D)

Join Flowdesk, a global financial institution for digital assets. As an Application Security Engineer, you will drive security improvements for our software development lifecycle, integrate automated security testing, support development teams, and manually test critical systems. You will be the security subject-matter expert for development teams, execute manual penetration testing, and contribute to a wide range of cybersecurity initiatives.

Permanent contract
Paris
A few days at home
Salary: Not specified
Experience: > 4 years
Key missions

Integrate, configure, and manage SAST, DAST, and SCA tools within CI/CD pipelines to enable rapid developer feedback.

Conduct threat modeling, security design reviews, and provide hands-on mitigation recommendations as the security subject-matter expert for development teams.

Execute manual penetration testing on web apps, APIs, mobile apps, and cloud infrastructure, uncovering vulnerabilities not detectable by automated tools.

Flowdesk

The position

Job description

Flowdesk's mission is to build a global financial institution for digital assets, one designed from the ground up for market integrity and efficiency.

To achieve this in a rapidly evolving market, we apply a disciplined, first-principles approach to everything we do. This approach is embedded in our core services, from institutional liquidity provision, trading solutions, and OTC execution to our comprehensive treasury management offerings. This is how we cut through the noise and build robust and scalable systems across all our business lines.

Therefore, we seek individuals who are driven by this systematic approach. Joining Flowdesk means you will be a key contributor in building and scaling a more transparent and efficient financial markets infrastructure.

As an Application Security Engineer at Flowdesk, you will drive security improvements for our software development lifecycle by integrating automated security testing, supporting development teams, and manually testing critical systems.

Your daily mission will be to

  • Integrate, configure, and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitLab CI, GitHub Actions, Jenkins) to enable rapid developer feedback.
  • Be the security subject-matter expert for development teams: conduct threat modeling, security design reviews, and provide hands-on mitigation recommendations.
  • Execute manual penetration testing on web apps, APIs, mobile apps, and cloud infrastructure, uncovering vulnerabilities not detectable by automated tools.
  • Triage, validate, and prioritize vulnerabilities; work with developers to ensure timely resolution.
  • Participate in and review the security of blockchain applications and smart contracts, identifying vulnerabilities such as re-entrancies, integer overflows, and improper logic.
  • Contribute to a wide range of cybersecurity initiatives beyond AppSec, assisting with projects in vulnerability management, cloud security, data protection, and governance, risk & compliance to strengthen our overall security posture.

Requirements

  • Proficiency in English; French is a plus.
  • Experience integrating security tools into CI/CD pipelines and working with developers to remediate findings.
  • Strong grasp of web application, API, and cloud security principles and common vulnerabilities (e.g., OWASP Top 10).
  • Significant experience with penetration testing methodologies.
  • Familiarity with security assessment of blockchain and smart contract systems is highly desirable.
  • Analytical, detail-oriented, and communicative.

Benefits

  • International environment (English is the main language)
  • 50% of transportation costs & a sustainable mobility agreement
  • Swile lunch voucher (€9.25 per day, 60% covered)
  • 100% Alan Blue covered for you and your children
  • Team events and offsites
  • Gymlib contribution to gym membership

Are you interested in this job but feel you haven't ticked all the boxes? Don't hesitate to apply and tell us in the cover letter section why we should meet!

Here's what you can expect if you apply

  1. HR Call with our Tech Talent Acquisition (30’)
  2. Technical interview with our Senior SR & Cybersecurity Engineer (45’)
  3. Technical Meeting with our Cybersecurity Director (60’)
  4. Meeting with the Head of Engineering (30’)
  5. Wrap up interview with our TA Team (45’)
  6. C-Level interview (30’)

On the agenda, discussions rather than trick questions! These moments of exchange will allow you to understand how Flowdesk works and its values. But they are also (and above all) an opportunity for you to present your career path and your expectations for your next job!
