At Swile, we believe that good products can help reduce friction in daily professional life and boost employee satisfaction. Today, we provide innovative solutions in various areas such as Fintech, Travel, HR, and Employee Benefits to more than 5.5 million users in 85,000 companies in France and Brazil.
Your role as an Application Security Engineer centers around proactively setting up new tools and processes to ensure the security of our codebase, and creatively solving problems, ensuring a balance between speed, pragmatism and excellence together with the rest of the Tech team.
🦾 Key responsibilities
- 🔐 Join Swile's Security Team! 🔐
- Are you passionate about securing cloud environments and driving innovation? Swile is searching for a skilled DevSecOps Engineer to bolster our team and contribute to our secure architecture and apps.
NOTE: you will find below a (long) set of tasks. Don't worry, we are NOT expecting an expert on all of those fields! We are looking for a person curious enough to touch on all of those aspects and have 1 or 2 of them as fields of expertise.
Here's a snapshot of what you'll be doing:
Identify & Protect
- Work on our application security and threat modeling approaches, including audits, static and dynamic code analysis and pentesting.
- Collaborate with our DevOps, Software Engineers, and Engineering Managers to continually improve our application security strategies and priorities to protect our customers, and employees.
- End-to-end handling of vulnerability remediation, from detection to fix, working with all relevant stakeholders along the way.
- Commit patches to identified vulnerabilities to fix the existing code when needed. Work with engineering teams during the design phase of new products and features, conducting threat modeling, security architecture, and code reviews.
- Keep watch on emerging vulnerabilities and threats together with our SOC, Risk team and Compliance department.
- Perform and / or coordinate penetration testing campaigns and security assessments on the entirety of our codebase and infrastructure.
- Build our bug bounty program. Check submissions, confirm vulnerabilities, and decide on corrective measures.
Detect & Respond
- Lead and support incident response activities related to application security incidents.
- Develop an active defense: you will be creating and integrating security tools/solutions to automate and enhance detection and remediation.
Continuously improve our Security culture
- Undertake Red Team missions to enhance our security culture and train our staff (technical and non-technical).
- Maintain a high-security culture within the company. Organize and lead internal and external conferences and workshops.
✨It will be a perfect match if you have
-
Software Engineering Background: You have a strong foundation in software development and have seamlessly transitioned into the world of security.
-
Offensive Security Expertise: Proficient in using offensive security tools and techniques to uncover vulnerabilities.
-
Analytical Mindset: Ability to think like an attacker and preemptively identify potential security threats.
-
Communication Skills: Excellent ability to communicate complex security issues to non-technical stakeholders.
-
If you are a future responsible Swiler: you share our commitment to the environment, diversity, fairness and inclusion and are prepared to work every day to improve individual and collective performance.
📓 One thing worth to be mentioned
- We welcome individuals with entrepreneurial backgrounds as well as those from established organizations. At Swile, we believe that delivering impactful products requires engineers to understand the needs of users and clients as well as the code itself.
⚒️ Our tech stack
- Just as a bit of useful information, here's what our Dev teams are using.
-
Backend & Frontend: Ruby/Rails, Typescript/React/Node.js,
-
Mobile: Android (Kotlin), iOS(Swift),
-
Infra: AWS/Kubernetes, PostgreSQL, Kafka, Snowflake
-
Offensive Security: Burp Suite, Metasploit, Nmap
-
Programming Languages: Python, Bash, Go, Ruby, JavaScript
💡What’s in it for you ?
-
Vibrant Work Environment: Work in the heart of Paris in a supportive and inclusive team.
-
Flexible Work Arrangements: Enjoy up to 3 days of remote work each week.
-
Continuous Learning: Opportunities for professional development, access to industry-leading security conferences, and the latest security tools and resources.
-
Competitive Benefits: Competitive salary, comprehensive health benefits, wellness programs, and unique team-building retreats.
-
Impactful Work: Be part of a mission-driven company dedicated to transforming the workplace experience for millions.
🔥 Our hiring process
- Meet with one our our Tech Recruiters (30 to 45 minutes)
- Interview with your future Manager (1h) to talk Cybersecurity and project yourself onto the job
-
Technical deep dive in Security and Infrastructure (1h)
- Interview with our Tech Leaders (2 x 45min)