We are looking for an experienced Application Security Specialist to help strengthen our secure development practices across the software development lifecycle. You will play a key role in improving security governance, supporting development teams, and integrating security controls into agile and DevOps processes.
Key Responsibilities
* Define and support the adoption of secure development standards and practices (SSDLC).
* Provide guidance and coaching to development teams on secure coding and data protection.
* Perform security testing activities (SAST, DAST, pentesting) and manage related tooling.
* Contribute to threat modeling, vulnerability management, and risk assessments.
* Collaborate with cross-functional teams including architecture, infrastructure, and identity & access management.
* Lead or contribute to initiatives on supply chain security, especially third-party/open-source dependencies.
* Support integration of security into CI/CD pipelines and cloud environments.
* Deliver awareness sessions and training on application security topics.
* Stay current with emerging threats, vulnerabilities, and relevant regulations.
Technical Environment
* CI/CD platforms (e.g., Azure DevOps or similar)
* SAST/DAST tools (e.g., SonarQube, OWASP ZAP, Burp Suite CE)
* Vulnerability and software composition analysis tools (e.g., DefectDojo, Dependency-Track)
* SBOM tools and formats (e.g., CycloneDX)
* Common development environments and Linux systems (e.g., Ubuntu, Kali)
Required Skills
* Native French speaker
* Strong knowledge of OWASP Top 10 and secure development practices
* Solid understanding of SDLC and CI/CD integration
* Familiarity with application-level threat modeling and risk analysis
* Basic to intermediate understanding of cloud security (Azure preferred)
* Excellent communication skills – ability to translate security concepts to non-technical audiences
Preferred Skills
* Experience with application security governance and frameworks (e.g., ISO 27001, NIS 2)
* Knowledge of IAM principles and log security (e.g., audit logs, SIEM)
* Prior experience designing or implementing vulnerability and dependency management programs
* Exposure to DevSecOps methodologies and secure supply chain practices