Application Security Engineer

About Safran

Safran is an international high-technology group operating in the fields of aeronautics (propulsion, equipment and interiors), space, and defense. Its mission is to sustainably contribute to a safer world, where air transport becomes ever more environmentally friendly, comfortable, and accessible. Present on all continents, the Group employs 100,000 people for a turnover of 27.3 billion euros in 2024, and holds world or European leading positions in its markets, alone or in partnership. Safran is the 2nd company in the aeronautics and defense sector in TIME magazine's "World's Best Companies 2024" ranking. Because we are convinced that every talent counts, we value and encourage applications from people with disabilities for our job opportunities.

Job Description

Safran Analytics is the Group's "IA Factory," dedicated to the valorization and protection of business data (tabular, time series, text). The teams collaborate closely with the Group's engineers and product managers to design, develop, and secure innovative solutions based on Analytics, Machine Learning, and Generative AI. In this context, you will work in an agile and dynamic environment, within a product SQUAD, in collaboration with data scientists, data engineers, developers, architects, and UX designers, under the responsibility of a senior DevSecOps.

Main Missions

• Accompany product teams in integrating application security best practices (AppSec approach) within AI & Data development flows.
• Actively participate in securing applications and services (SaaS, microservices, AI agents) developed and operated in the IA Factory.
• Raise awareness and advise teams on the state-of-the-art in software security, particularly in the AWS cloud context.
• Participate in the monitoring and management of vulnerabilities throughout the software lifecycle.

Detailed Responsibilities

1. Application Security and Compliance

• Conduct and support risk analyses for applications (EBIOS, OWASP, etc.).
• Integrate and supervise code review and vulnerability scanning tools in CI/CD pipelines (SAST, SCA).
• Contribute to drafting application security policies and standards aligned with Group and industry frameworks (NIST, ANSSI, OWASP Top 10).
• Manage alerts and vulnerability remediation (bug management, tracking, patch management coordination).
• Participate in internal AppSec awareness campaigns and prepare teams for security audits.

2. Cloud Security and DevSecOps

• Collaborate closely with DevSecOps to integrate security into AI industrialization workflows (CI/CD, MLOps).
• Support the implementation of security controls in AWS environments (IAM, secret management, secure infrastructure configuration).
• Ensure the application of security by design and privacy by design principles in AI/Data projects.

3. Automation, Monitoring, and Incident Response

• Automate the detection, analysis, and management of application security incidents.
• Monitor application attack surface (logs, metrics, alerts), contribute to bug bounty/pentest simulation programs.
• Document and share security best practices and lessons learned with project teams.

Candidate Profile

• Education: Engineer or Master's degree (Bac+5) in Cybersecurity, Computer Science, Software Development, Information Systems, or equivalent.
• Experience: 2 to 4 years in application security, or in securing AI/Data/SaaS projects. A first experience in DevSecOps or public cloud (AWS) is a plus.
• Required Skills:
  • Mastery of secure development concepts (e.g., Secure Coding, OWASP, common software vulnerabilities).
  • Experience in vulnerability analysis on web applications, APIs, microservices.
  • Proficiency with SAST/SCA tools and their integration into CI/CD chains (ideally GitLab CI/CD).
  • Good understanding of AWS environments (IAM, KMS, Secrets Manager, GuardDuty, etc.), and Infrastructure as Code (Terraform).
  • Awareness of privacy/personal data management (GDPR, encryption, anonymization).
• Behavioral Skills:
  • Strong appetite for multidisciplinary teamwork, advisory posture.
  • Pedagogy, initiative, and curiosity about emerging AI risks.
  • Rigor, autonomy, reporting skills.

Key skills/competency

• Application Security
• DevSecOps
• AWS Security
• SAST/SCA
• CI/CD Integration
• Vulnerability Management
• Secure Coding Practices
• Risk Analysis
• AI/ML Security
• OWASP Top 10