Launched in 2013, ManoMano is the European leader in online DIY, home improvement and gardening. With more than 3600 seller partners and 10 million products, ManoMano brings together the largest DIY & gardening offer across 6 countries: France, Belgium, Spain, Italy, Germany and the United Kingdom.
We are currently 800 Manas & Manos, a quarter of whom are international talents representing 24 nationalities, working in our 4 offices (Paris x2, Bordeaux and Barcelona). People are at the heart of ManoMano's culture, built around our 3 core values: boldness, ingenuity and care.
Joining us is a tremendous human and business adventure! We offer an ideal and (hyper)dynamic environment in which to apply your skills to innovative and concrete projects on a European scale.
Take a look at our Blog: https://medium.com/manomano-tech
What we offer at ManoMano:
- Fast-growing start-up environment
- International (20+ nationalities) & agile company
- Sponsorship for external conferences; organisation of internal and external Meetups
- Crafternoons every Thursday afternoon (share your knowledge, learn from others)
- Swile card for lunch
- 60% company medical insurance
- 7 weeks of paid vacation
- Full teleworking option
- Amazing work environment in Paris 17th, Bordeaux & Barcelona
- Attractive salary (package)
Background & Missions
ManoMano, already positioned as the European leader in DIY, wants to offer the best online experience in DIY e-commerce. To do so, ManoMano is expanding its security team and is looking for an Application Security Engineer.
In this role, you will help us build and mature application security practices and processes, with an automation-first mindset, across the SDLC (Software Development Life Cycle). You will partner with the rest of the AppSec team to make it easier for engineers to deliver secure applications, to improve our application security posture and to reduce risk to our customers and company.
As a member of the AppSec domain, you will also contribute to our offensive security strategy by taking part in penetration tests, red team missions and ethical hacking.
- Provide developers with the right tools to focus on the right threats: implement and tune application security tooling (SCA, SAST, DAST, RASP) with the developer experience in mind.
- Lead and support application security reviews and threat modeling, including code review, static code analysis and dynamic testing.
- Automate and integrate security processes and controls throughout our entire SDLC, from IDEs to source control systems to CI/CD pipelines to production deployments.
- Collaborate with DevOps, Software Engineering and Product Management to continuously improve our application security strategies and priorities for protecting our customers, sellers and company.
- Report and communicate security issues and topics to technical and non-technical audiences; you will run conferences and workshops.
- Assess emerging vulnerabilities and threats in the context of organizational risk and business impact.
- Maintain a strong security culture: create awareness and training programs, keep the level of security awareness high across the company, and take part in organizing Sthack.fr.
- Evangelize security among our engineers and be a key contact within the technical teams.
- Get involved in designing solutions and fixing vulnerabilities; as security referent, support operational and project teams in their daily tasks and issues.
- Be the first responder for security-related alerts and incidents and drive their remediation.
- Develop an active defense: build and integrate security tools and solutions to automate and improve detection and remediation.
Your profile:
- Bachelor's degree in Computer Science, Engineering or Information Technology
- Strong understanding of common and uncommon web application vulnerabilities and their mitigations
- Hands-on experience implementing application security tools
- Knowledge of secure web application architecture patterns and common vulnerabilities (OWASP Top 10, CWE/SANS Top 25)
- Strong desire to learn, progress and innovate in intrusion techniques and offensive security
- Experience with containers and container orchestration (Docker, Kubernetes)
- Experience with CI/CD tools
- Excellent communication skills (oral and written) with technical and non-technical audiences, and a positive, collaborative, enablement-focused attitude
- Curiosity and a desire to challenge conventional approaches to solving problems
- Experience with scripting languages
- Languages: French, English
- Demonstrated experience in capture-the-flag (CTF) events, bug hunting or vulnerability research (CVEs) is a plus.