Free

Senior Application Security Engineer

Paris, FR · Full-time · €70,000 – €95,000

About this role

At Free, you'll find a unique internal culture marked by a strong collective spirit. Recruitment is open without preconceptions on age or background. Working in close collaboration with the Information Security & Compliance Manager (ISCM), you will lead the security of applications and critical systems for the Group's support functions, ensuring data protection, resilience, and regulatory compliance.

Ensure the operational deployment of the GRC strategy in HR, Finance, and Legal projects, aligning business needs with technical robustness and compliance frameworks. Conduct security reviews using a security-by-design approach, per ISCM requirements. Evaluate the robustness of critical applications such as the HRIS, the financial ERP, and legal tools, and track remediations.

Manage vulnerabilities through SAST/DAST scans, pentests, and CVE handling, and report on effectiveness. Deploy controls including IAM, PAM, MFA, encryption, and logging. Collaborate with the SOC and CSIRT on incident qualification and remediation for support applications.

Ensure compliance with GDPR, NIS2, DORA, LPM, and ISO 27001 under ISCM supervision. Run targeted awareness campaigns on phishing, payroll manipulation, and sensitive contracts. Thrive in a fast-paced environment that values autonomy and efficiency, and feel free at Free.

Requirements

  • 5 to 8 years of experience in cybersecurity
  • Significant experience in security of critical applications or ERP/HRIS
  • Participation in audits or regulatory compliance efforts
  • Solid experience in application security and information security governance in complex matrixed environments
  • Experience in GRC strategy deployment and risk analysis
  • Knowledge of security reviews, vulnerability management, and pentests

Responsibilities

  • Translate the Group GRC roadmap into application security for support functions
  • Deploy and monitor the information systems security policy (PSSI) and thematic security policies per ISCM directives
  • Conduct security reviews of projects using a security-by-design approach
  • Evaluate the robustness of critical applications (HRIS, financial ERP, legal tools) and track remediations
  • Lead vulnerability management (SAST/DAST scans, pentests, CVE handling) and report on effectiveness
  • Implement technical controls including IAM, PAM, MFA, encryption, logging
  • Ensure compliance with GDPR, NIS2, DORA, LPM, ISO 27001
  • Participate in incident management and coordinate with SOC/CSIRT

Benefits

  • Unique internal culture with strong collective spirit
  • Open recruitment without bias on age or background
  • Fast-paced environment emphasizing autonomy and efficiency
  • Feel free and liberated in your work