Context
As part of our strong growth, we are opening a position of Application Security Manager to help build and nurture teams and empower others to promote security by design and ensure compliance for our beloved customers. We are looking for someone passionate about application security who enjoys working on software products from design to operations. Ideal candidates will have experience to scale security through automation and communication. If this sounds like you, join us!

In collaboration with the product team, you will develop and build features and processes that allow the team to protect our customers and their data. You will partner with our managers and engineers to prioritize security during the entire software development life cycle and provide them tools and programs to do so including a security matrix, security reviews, static/dynamic testing tooling and vulnerability management. You will also support the business to meet client’s security requirements in the pre-sales and project implementation teams while in production.

Missions

• Grow and coordinate a security team to cover EMEA’s and AMERICA’s regions.
• Ensure our global security policy is up-to-date and applied.
• Partner with Engineering team and Product Managers to drive improved security patterns and controls across the product.
• Empower Engineering teams to own their security risk by using effective tools, processes and metrics
• Ensure a security training and engagement program across the team.
• Lead investigations and monitor the service to prevent from security issues.
• Coordinate security audits and product certification program (such as PCIDSS).
• Collaborate with teams and DPO for all measures to protect data privacy.
• Practice effective communication across our globally distributed team.
• Support pre-sales teams to answer RFP and deals with security requirements.
• Support our marketing team with specific collaterals on security (video, deck, website).
• Evaluate risks, raise alerts or resolve issues that arise.

How we work
Driven by the Agile Scrum method, we are organized in squads of 6-8 people featuring a Product Owner, a Lead Developer (acting as Scrum Master), Frontend & Backend Developers and QA Engineers. Our DevOps Engineers and UI/UX Designers are dedicated to all squads.

Our full technical stack
https://www.welcometothejungle.com/companies/innso/tech

What we offer
💰 Attractive salary package, including profit-sharing schemes.
📌 Central location of our Paris office - 50 boulevard Haussmann, close to Opéra (RER A - Auber).
💻 Flexible work from home policy, with a minimum of 3 days per month to be spent at the office.
🥗 Meal tickets of 9€ each, with an employer’s contribution of 5,40€.
🌴 12 days of RTT per year (additional rest days) on top of the regular 25 paid leave.
🚌 50% of public transportation fees reimbursed by the company.
🚲 Mileage allowance for bicycles.
👪 Competitive health insurance plan with the option to register partner and children at no extra cost.
⚽ Benefits for social & cultural activities (up to 745 €/year for a single person without children with 1 year of seniority): Vouchers for Christmas gifts, holidays, culture and sports. Access to an online platform for discount shopping.

Required

• At least 5 years of application security experience.
• Great verbal and written communication skills in French and English.
• Experience mentoring junior team members and peers.
• Experience with agile development processes, working in a fast-paced environment with DevOps tools (Kubernetes, Terraform).
• Experience with vulnerability management and monitoring tools.
• Experience with Java and Cloud Providers (AWS).
• Experience reproducing and documenting web application vulnerabilities.
• Experience with inspiring change across organizations and ability to influence.
• Knowledge of SaaS model and modern web application technologies including their security threats and vulnerabilities.
• Bachelor’s degree in Computer Science or other relevant focus of study.

Nice to have

• Experience on PCIDSS audit and certification.
• Security certifications such as OSCP, GWEB, GPEN, GWAPT, CISSP, GSEC, etc.

1. Meet our recruitment specialist to ensure alignment between our job offer and your professional project, expectations, mobility, availability, etc.
2. Meet our Global Directors of IT and Security to make sure that you could fit into our existing team.
3. Meet our CTO to have better insights about your technical approach and see how you could work together.