Details of the offer for Security Engineer H/F about pentesting at Doctolib in Paris

Welcome! We are looking for a Security Engineer to join our Security team. Protecting the confidentiality and the data of our patients is an absolute priority, so we need the best team to maintain a state-of-the-art, healthcare-compliant security level.

Who we are:

Founded in 2013, Doctolib is the #1 online and mobile booking platform and management software provider for doctors in France. We help patients book doctor or dentist appointments 24/7 within a few clicks, and we offer doctors a full-range service to improve booking management, reduce no-shows and bring new patients to their office.

We simply try to deliver the great healthcare experience we all deserve in Europe.

In three years, Doctolib has become the fastest-growing healthcare startup in Europe and has grown to 350 people and 8.5 million patients a month. We have raised €50m from top investors including Accel Partners (Facebook, Spotify, Dropbox), Ludwig Klitzsch (CIP Clinic), Nicolas Brusson (BlaBlaCar), Bertrand Jelensperger (TheFork) and Bpifrance (Sigfox, Withings, Parrot).

The 5 Core Values of Doctolib: the « SPAAH »

  • Service: Delivering an outstanding service.
  • Passion: Being passionate and creating fun.
  • Ambition: Being ambitious, with no limits.
  • Attack: Being determined.
  • Humility: Being humble and sensitive to others.

What you will do:

  • Perform security assessments of existing and new Doctolib features and services.
  • Be the first line of response and remediation for security-related alerts/incidents.
  • Architect, design, and develop solutions hand in hand with our technical teams.
  • Coordinate and deliver security projects across teams within Doctolib regarding:
    • application and interface security;
    • data security;
    • infrastructure & virtualization security;
    • mobile security;
    • risk management.
  • Develop proof of concepts for new security tools in order to evaluate the impact of these tools.
  • Maintain a regular technology watch.
  • Triage submissions and help run the future Bug Bounty program.
  • Facilitate collaboration with other engineers, product owners, and business owners to incorporate security thinking across departments.
  • Coordinate and collaborate with other parts of the company such as Legal and Office.
  • Work from our awesome office in Paris where we work closely with teams across all Doctolib services.

Who you are:

  • You have a minimum of 3 years of experience in the security domain.
  • You have skills in security assessments of web applications and Linux (ideally on the MS stack too).
  • You have a strong understanding of common and uncommon web application vulnerabilities and mitigations.
  • You are familiar with, or eager to learn about, security vulnerabilities specific to Ruby on Rails.
  • You have a good understanding of security in distributed systems at scale.
  • You have a deep understanding of information security and risk management for IT-based companies.
  • You are able to collaborate with all people working in the company (tech & non-tech).
  • You are able to lead projects efficiently.
  • You know how to prioritize tasks using cost and value and to address subjects in an efficient way (e.g. MoSCoW).
  • You are autonomous and pragmatic, and you have good structuring skills.
  • You speak English and French fluently.


  • Job type: Full-time long-term contract
  • Location: Paris
  • Start date: ASAP