Application Security Engineer
Extia
As a consulting company specialized in IT and digital sectors, Extia has prioritized an approach that combines performance and well-being at work since its creation in 2007. This vision is shared today by more than 2,500 Extians across France and internationally, and has been recognized by the Great Place to Work certification for 15 years!
We believe in equal opportunity and offer every candidate the chance to reveal their potential, without distinction of any kind. At Extia, it's "First who, then what", so let's do it!
First who
- Strong leadership skills with ability to manage initiatives independently.
- Excellent communication skills and ability to explain technical topics to diverse audiences.
- Strong teaching and mentoring abilities for developer enablement.
- Analytical and structured problem-solving mindset.
- Ability to influence and drive adoption of security practices across teams.
- Strong documentation and technical writing skills.
- Proactive, autonomous, and improvement-oriented mindset.
What You’ll Do
- Contribute to the application security strategy and roadmap within the organization.
- Mentor and support junior Application Security Engineers, promoting knowledge sharing and best practices.
- Drive continuous improvement of the Secure Software Development Lifecycle (S-SDLC) framework.
- Provide expert-level guidance to development teams on application security topics and secure development practices.
- Lead vulnerability analysis, triage, remediation, and follow-up across applications and services.
- Ensure effective integration of security tools (SAST, DAST, SCA, container scanning, IaC scanning, secrets detection) into CI/CD pipelines.
- Lead security awareness initiatives, workshops, and developer training sessions.
- Develop and maintain security documentation, standards, and best practice guidelines.
- Define, monitor, and optimize security metrics (KPIs, KRIs, OKRs).
- Conduct threat analysis and technological watch to identify emerging risks and security trends.
- Propose and prototype innovative security solutions and improvements.
- Support automation and continuous improvement of application security processes and tooling.
- Strong expertise in application security tools and practices, including SAST, DAST, SCA, container scanning, IaC scanning, and secrets detection.
- Experience integrating security controls into CI/CD pipelines.
- Strong programming skills in Python, C++, C#, or similar languages.
- Solid understanding of OWASP Top 10 and common application vulnerabilities.
- Experience in vulnerability analysis, remediation, and false-positive management.
- Knowledge of cloud security across public, private, hybrid, and regulated environments.
- Familiarity with development frameworks (e.g., Angular, Hadoop or similar).
- Understanding of secure SDLC and DevSecOps practices.