11 days ago

Application Security Engineer

AEROCONTACT

On Site
Full Time
€60,000
Châteaufort, Île-de-France, France
Apply

Job Overview

Job TitleApplication Security Engineer
Job TypeFull Time
Offered Salary€60,000
LocationChâteaufort, Île-de-France, France

Who's the hiring manager?

Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.

Uncover Hiring Manager

Job Description

About Safran

Safran is an international high-technology group operating in the fields of aeronautics (propulsion, equipment and interiors), space, and defense. Its mission is to sustainably contribute to a safer world, where air transport becomes ever more environmentally friendly, comfortable, and accessible. Present on all continents, the Group employs 100,000 people for a turnover of 27.3 billion euros in 2024, and holds world or European leading positions in its markets, alone or in partnership. Safran is the 2nd company in the aeronautics and defense sector in TIME magazine's "World's Best Companies 2024" ranking. Because we are convinced that every talent counts, we value and encourage applications from people with disabilities for our job opportunities.

Job Description

Safran Analytics is the Group's "IA Factory," dedicated to the valorization and protection of business data (tabular, time series, text). The teams collaborate closely with the Group's engineers and product managers to design, develop, and secure innovative solutions based on Analytics, Machine Learning, and Generative AI. In this context, you will work in an agile and dynamic environment, within a product SQUAD, in collaboration with data scientists, data engineers, developers, architects, and UX designers, under the responsibility of a senior DevSecOps.

Main Missions

  • Accompany product teams in integrating application security best practices (AppSec approach) within AI & Data development flows.
  • Actively participate in securing applications and services (SaaS, microservices, AI agents) developed and operated in the IA Factory.
  • Raise awareness and advise teams on the state-of-the-art in software security, particularly in the AWS cloud context.
  • Participate in the monitoring and management of vulnerabilities throughout the software lifecycle.

Detailed Responsibilities

1. Application Security and Compliance
  • Conduct and support risk analyses for applications (EBIOS, OWASP, etc.).
  • Integrate and supervise code review and vulnerability scanning tools in CI/CD pipelines (SAST, SCA).
  • Contribute to drafting application security policies and standards aligned with Group and industry frameworks (NIST, ANSSI, OWASP Top 10).
  • Manage alerts and vulnerability remediation (bug management, tracking, patch management coordination).
  • Participate in internal AppSec awareness campaigns and prepare teams for security audits.
2. Cloud Security and DevSecOps
  • Collaborate closely with DevSecOps to integrate security into AI industrialization workflows (CI/CD, MLOps).
  • Support the implementation of security controls in AWS environments (IAM, secret management, secure infrastructure configuration).
  • Ensure the application of security by design and privacy by design principles in AI/Data projects.
3. Automation, Monitoring, and Incident Response
  • Automate the detection, analysis, and management of application security incidents.
  • Monitor application attack surface (logs, metrics, alerts), contribute to bug bounty/pentest simulation programs.
  • Document and share security best practices and lessons learned with project teams.

Candidate Profile

  • Education: Engineer or Master's degree (Bac+5) in Cybersecurity, Computer Science, Software Development, Information Systems, or equivalent.
  • Experience: 2 to 4 years in application security, or in securing AI/Data/SaaS projects. A first experience in DevSecOps or public cloud (AWS) is a plus.
  • Required Skills:
    • Mastery of secure development concepts (e.g., Secure Coding, OWASP, common software vulnerabilities).
    • Experience in vulnerability analysis on web applications, APIs, microservices.
    • Proficiency with SAST/SCA tools and their integration into CI/CD chains (ideally GitLab CI/CD).
    • Good understanding of AWS environments (IAM, KMS, Secrets Manager, GuardDuty, etc.), and Infrastructure as Code (Terraform).
    • Awareness of privacy/personal data management (GDPR, encryption, anonymization).
  • Behavioral Skills:
    • Strong appetite for multidisciplinary teamwork, advisory posture.
    • Pedagogy, initiative, and curiosity about emerging AI risks.
    • Rigor, autonomy, reporting skills.

Key skills/competency

  • Application Security
  • DevSecOps
  • AWS Security
  • SAST/SCA
  • CI/CD Integration
  • Vulnerability Management
  • Secure Coding Practices
  • Risk Analysis
  • AI/ML Security
  • OWASP Top 10

Tags:

Application Security Engineer
AppSec
DevSecOps
AWS Security
SAST
SCA
CI/CD
Vulnerability Management
Secure Coding
Cybersecurity
AI Security
Data Security
Microservices Security
Cloud Security
Software Development

Share Job:

How to Get Hired at AEROCONTACT

  • Tailor your resume: Highlight your application security, DevSecOps, and AWS experience using keywords from the job description.
  • Showcase your projects: Detail any personal or professional projects demonstrating secure coding or vulnerability analysis skills.
  • Prepare for technical questions: Be ready to discuss secure coding principles, OWASP Top 10, SAST/SCA tools, and AWS security concepts.
  • Demonstrate collaboration: Emphasize your teamwork and advisory skills during behavioral interviews.
  • Research Safran's mission: Understand their commitment to safety and innovation in aeronautics, space, and defense.

Frequently Asked Questions

Find answers to common questions about this job opportunity

Explore similar opportunities that match your background