Application Security Engineer

Extia

You want to join a company that places people at the heart of its concerns? We are waiting for you at Extia!

As a consulting company specialized in IT and digital sectors, Extia has prioritized an approach that combines performance and well-being at work since its creation in 2007. This vision is shared today by more than 2,500 Extians across France and internationally, and has been recognized by the Great Place to Work certification for 15 years!

We believe in equal opportunity and offer every candidate the chance to reveal their potential, without distinction of any kind. At Extia, it's "First who, then what" so, let's do it!

First who


  • Strong leadership skills with ability to manage initiatives independently.
  • Excellent communication skills and ability to explain technical topics to diverse audiences.
  • Strong teaching and mentoring abilities for developer enablement.
  • Analytical and structured problem-solving mindset.
  • Ability to influence and drive adoption of security practices across teams.
  • Strong documentation and technical writing skills.
  • Proactive, autonomous, and improvement-oriented mindset.


Then what

What You’ll Do


  • Contribute to the application security strategy and roadmap within the organization.
  • Mentor and support junior Application Security Engineers, promoting knowledge sharing and best practices.
  • Drive continuous improvement of the Secure Software Development Lifecycle (S-SDLC) framework.
  • Provide expert-level guidance to development teams on application security topics and secure development practices.
  • Lead vulnerability analysis, triage, remediation, and follow-up across applications and services.
  • Ensure effective integration of security tools (SAST, DAST, SCA, container scanning, IaC scanning, secrets detection) into CI/CD pipelines.
  • Lead security awareness initiatives, workshops, and developer training sessions.
  • Develop and maintain security documentation, standards, and best practice guidelines.
  • Define, monitor, and optimize security metrics (KPIs, KRIs, OKRs).
  • Conduct threat analysis and technological watch to identify emerging risks and security trends.
  • Propose and prototype innovative security solutions and improvements.
  • Support automation and continuous improvement of application security processes and tooling.


What We’re Looking For


  • Strong expertise in application security tools and practices, including SAST, DAST, SCA, container scanning, IaC scanning, and secrets detection.
  • Experience integrating security controls into CI/CD pipelines.
  • Strong programming skills in Python, C++, C#, or similar languages.
  • Solid understanding of OWASP Top 10 and common application vulnerabilities.
  • Experience in vulnerability analysis, remediation, and false-positive management.
  • Knowledge of cloud security across public, private, hybrid, and regulated environments.
  • Familiarity with development frameworks (e.g., Angular, Hadoop or similar).
  • Understanding of secure SDLC and DevSecOps practices.


Como aplicar?

Para se candidatar a este emprego, você precisa autorizar em nosso site. Se você ainda não possui uma conta, registre-se.