Launched in 2013, ManoMano is the European leader specialised in DIY, home improvement and gardening online. ManoMano brings together the largest offer of DIY & gardening online products. With more than 3600 seller partners and 10 million products, ManoMano brings together the largest offer across 6 countries: France, Belgium, Spain, Italy, Germany, United Kingdom.
We are currently 800 Manas & Manos, including a quarter of international talents and 24 nationalities, working in our 4 offices (Paris x2, Bordeaux and Barcelona). People are at the heart of ManoMano's culture around our 3 core values: boldness, ingenuity and care.
Joining us is a tremendous human and business adventure! We offer an ideal and (hyper)dynamic environment to apply your skills to innovative and concrete projects on a European scale.
Take a look at our blog: https://medium.com/manomano-tech
What we offer at ManoMano:
- Fast growing start-up environment
- International (20+ nationalities) & agile company
- Sponsorship for external conferences, organisation of internal and external Meetups
- Crafternoons every Thursday afternoon (share your knowledge, learn from others)
- Swile card for lunch
- 60% company medical insurance
- 7 weeks of paid vacation
- Full teleworking option
- Amazing work environment in Paris 17th, Bordeaux & Barcelona
- Attractive salary (package)
Background & Missions
ManoMano, already positioned as European leader in DIY, wants to offer the best online experience in DIY ecommerce. For this, ManoMano is expanding its amazing security team, and is looking for an Ethical Hacker.
The candidate must have the expertise to perform web application, internal and external network penetration testing, and source code review. You are an evangelist of security culture. The candidate must have a strong desire to learn, progress and innovate on intrusion techniques and offensive security.
The candidate thinks like an ethical hacker in order to better counter attackers and protect our customers and sellers.
Our goal is to find innovative solutions to solve IT security issues, adapted to business needs. The job of the ethical hacker is to collaborate with all the employees of the company.
As a member of the AppSec domain, you will also help us build and mature application security practices and processes, with an automation-first mindset, across the SDLC (Software Development Life Cycle).
You will partner with the rest of the team to make it easier for engineers to deliver secure applications, to improve our application security posture and to reduce risk to our customers and company.
You will also be able to contribute to Hack4Value, our social bug bounty initiative for NGOs.
Hunt and fix vulnerabilities from the beginning to the end. Communicate discovered issues, how to exploit them, and how to fix them for both technical and nontechnical audiences.
Execute penetration tests and security assessments of existing and new ManoMano features and services, including internal & external networks, web and mobile applications.
Participate in and design red team missions to strengthen security culture and train our collaborators.
Co-manage the community and our bug bounty program.
Triage submissions, challenge reports, confirm vulnerabilities, decide on corrective measures.
Lead and support application security reviews and threat modeling including code review, static code analysis and dynamic testing.
Consider emerging vulnerabilities and threats within the context of organizational risk and business impact(s).
Be involved in designing solutions and fixing vulnerabilities. Work with engineering teams in the design phase of new products and features, conducting threat modeling and security architecture, design and code reviews.
Maintain a strong security culture: we create awareness and training programs, and you maintain a high security culture in the company. Run internal and external conferences and workshops.
Collaborate with DevOps, Software Engineering, and Product Management to continuously improve our application security strategies and priorities for protecting our customers, sellers and company
Be the first responder and handle remediation for security-related alerts/incidents.
Develop an active defense: We develop and integrate security tools/solutions to automate and improve detection and remediation.
Your profile:
Bachelor’s degree in Computer Science, Engineering, Information Technology
You have a strong understanding of common and uncommon web application vulnerabilities and mitigations.
Strong desire to learn, progress and innovate on intrusion techniques and offensive security
Good knowledge of web applications, Operating Systems, Security tools, network infrastructure
Strong understanding of secure architecture and design, threat modeling, security code review, SDLC and the ability to clearly articulate best practices and mitigations for application security.
Good at understanding, documenting and communicating
Excellent ability to communicate (orally and in writing) with technical and non-technical audiences with a positive, collaborative, and enablement-focused attitude
Curiosity and desire to challenge conventional approaches to solving problems
Experience with scripting languages
Language: French, English
Demonstrated experience in capture the flag (CTF) events, bug hunting or vulnerability research (CVEs) is a plus.