Responsibilities
- Lead threat modeling and risk assessment initiatives, acting as the security expert during system architecture evaluations for core systems and new offerings.
- Manage full lifecycle vulnerability handling across continuous integration and deployment pipelines as well as live production environments, including both software and underlying platforms.
- Protect Kubernetes environments and containerized applications by applying advanced hardening techniques at the pod and node levels to limit potential lateral movement.
- Establish and enforce secure Infrastructure-as-Code practices by creating strong Terraform security controls and embedding policy-as-code directly into deployment workflows.
- Develop and oversee a unified security tooling strategy, including cloud-native application protection, cloud security posture management, static analysis, software composition analysis, secrets detection, and SBOM with CVE tracking.
- Support development teams by creating secure-by-default configurations, simplifying vulnerability remediation processes, and producing clear, practical security guidance.
- Develop core security automation capabilities that grow with the organization, reducing manual effort and fostering a realistic, scalable security mindset from inception.
Work Arrangement
Hybrid — Paris
Other
- This role is located at the Paris headquarters.
- Staff are expected to be in the office a minimum of three days per week.
- Remote work flexibility is permitted, with remote days determined by team leads based on operational needs.
- Employees must maintain consistent communication with their teams.
- Availability during standard business hours is required.