Détail de l'annonce pour le poste de Application Security Engineer H/F en pentesting chez Doctolib à Paris

Are you ready to protect the security and privacy of our patients to ensure the best user experience of the top European healthcare product used and loved by millions of patients and doctors?

If so, we are looking for a skilled, passionate Application Security Engineer who loves to reveal potential security issues, fix them, communicate about it, along with crafting solutions to rule out those weaknesses.

Security is our absolute priority and that’s why we want to build the best team to maintain a state-of-the-art, healthcare compliant, security level.

Who we are:

Founded in 2013, Doctolib is the fastest growing and largest ehealth startup in Europe.

For patients, Doctolib is an online free service which enables them to find a nearby health practitioner, book appointments 24/7 within a few clicks and manage medical bookings. For doctors and hospitals, Doctolib is a software with a full-range of services dedicated to improve their day-to-day organization, develop their practice, build a premium patient experience and allow them to collaborate more easily with referring doctors.
We commit to deliver user friendly tools & services with the goal to improve people’s health and quality of life of people working in healthcare. We are particularly focused on building an organisation where people thrive, grow in their careers, and enjoy having high impact through their work.

Doctolib in a nutshell (as of Jan.2018)

  • We collaborate with 40,000 doctors and 900 healthcare facilities including some of the most important hospitals in France (AP-HP) and Germany.
  • We gather 15 million patients on our platform each month with a significant growth
  • We are 400 Doctolibers located in 35 offices (France and Germany) with our headquarter in Paris.
  • We have raised €85m from Accel Partners (investor in Facebook, Spotify, Dropbox...), Bpifrance (Sigfox, Withings, Parrot), Kerala Ventures, Eurazeoand and some entrepreneurs (Nicolas Brusson (BlaBlaCar), Pierre Kosciusko-Morizet (PriceMinister), Ludwig Klitzsch (CoMedicum), Bertrand Jelensperger (TheFork)...).

The 5 Core Values of Doctolib: the « SPAAH »

  • Service: Delivering an outstanding service.
  • Passion: Being passionate and creating fun.
  • Ambition: Being ambitious, with no limits.
  • Attack: Being determined.
  • Humility: Being humble and sensitive to others.

What you will do:

  • Perform security assessments of existing and upcoming Doctolib’s features and products
  • Review code and design of our products
  • Fix vulnerabilities
  • Establish a Secure Development Lifecycle
  • Help our product owners to ship ‘secure by design’ features
  • Implement and manage a bug bounty program
  • Raise awareness of our developers to security best practices
  • Create security tests to avoid any regression

Your profile : 

  • You have minimum 5 years of experience within the security domain.
  • Security assessments of web applications have no secret for you ! 
  • You have a strong understanding of common and uncommon web application vulnerabilities and mitigations.
  • You are experienced in a common programming language (Ruby, Python, Java,...)
  • You are familiar or eager to learn about security vulnerabilities specific to Ruby on Rails.
  • You have a good understanding of security in distributed systems at scale.
  • You are able to collaborate with all people working in the company (tech & non-tech).
  • You are autonomous, pragmatic & have good structuration skills.
  • You speak English and French fluently.

What we offer you :

  • A team of 400 amazing people, passionate about a common project
  • Time and budget for self-development: participation in conferences & free time dedicated to prepare talks for meetups and conferences
  • Great office in the heart of Paris!
  • A few DoctoParties, DoctoMonthly Meetings, DoctoBeers, DoctoWeek-ends..
  • The opportunity to revolutionize a whole industry ! 


  • Contract: full-time position
  • Start: as soon as possible
  • Location:  based in our headquarter in the center of Paris (relocation package if needed)
  • Package: attractive salary depending on profile