
Application Security (AppSec) Engineer F/M - SAFRAN SA (FRANCE)
AEROCONTACT · Châteaufort, Île-de-France, France
- On site
- Full-time
- €60,000 / year
- Châteaufort, Île-de-France, France
Job highlights
- Secure AI and Data solutions in a dynamic environment.
- Integrate AppSec best practices into development workflows.
- Manage vulnerabilities and cloud security in AWS.
- Collaborate with cross-functional product teams.
- Contribute to innovative AI Factory initiatives.
About the role
About Safran
Safran is an international high-technology group operating in the fields of aeronautics (propulsion, equipment and interiors), space, and defense. Its mission is to sustainably contribute to a safer world, where air transport becomes ever more environmentally friendly, comfortable, and accessible. Present on all continents, the Group employs 100,000 people for a turnover of 27.3 billion euros in 2024, and holds world or European leading positions in its markets, alone or in partnership. Safran is the 2nd company in the aeronautics and defense sector in TIME magazine's "World's Best Companies 2024" ranking. Because we are convinced that every talent counts, we value and encourage applications from people with disabilities for our job opportunities.
Job Description
Safran Analytics is the Group's "IA Factory," dedicated to the valorization and protection of business data (tabular, time series, text). The teams collaborate closely with the Group's engineers and product managers to design, develop, and secure innovative solutions based on Analytics, Machine Learning, and Generative AI. In this context, you will work in an agile and dynamic environment, within a product SQUAD, in collaboration with data scientists, data engineers, developers, architects, and UX designers, under the responsibility of a senior DevSecOps.
Main Missions
- Support product teams in integrating application security best practices (AppSec approach) within AI & Data development flows.
- Actively participate in securing applications and services (SaaS, microservices, AI agents) developed and operated in the IA Factory.
- Raise awareness and advise teams on the state-of-the-art in software security, particularly in the AWS cloud context.
- Participate in the monitoring and management of vulnerabilities throughout the software lifecycle.
Detailed Responsibilities
1. Application Security and Compliance
- Conduct and support risk analyses for applications (EBIOS, OWASP, etc.).
- Integrate and supervise code review and vulnerability scanning tools in CI/CD pipelines (SAST, SCA).
- Contribute to drafting application security policies and standards aligned with Group and industry frameworks (NIST, ANSSI, OWASP Top 10).
- Manage alerts and vulnerability remediation (bug management, tracking, patch management coordination).
- Participate in internal AppSec awareness campaigns and prepare teams for security audits.
- Collaborate closely with DevSecOps to integrate security into AI industrialization workflows (CI/CD, MLOps).
- Support the implementation of security controls in AWS environments (IAM, secret management, secure infrastructure configuration).
- Ensure the application of security by design and privacy by design principles in AI/Data projects.
- Automate the detection, analysis, and management of application security incidents.
- Monitor application attack surface (logs, metrics, alerts), contribute to bug bounty/pentest simulation programs.
- Document and share security best practices and lessons learned with project teams.
Candidate Profile
- Education: Engineer or Master's degree (Bac+5) in Cybersecurity, Computer Science, Software Development, Information Systems, or equivalent.
- Experience: 2 to 4 years in application security, or in securing AI/Data/SaaS projects. Initial experience in DevSecOps or public cloud (AWS) is a plus.
- Required Skills:
  - Mastery of secure development concepts (e.g., Secure Coding, OWASP, common software vulnerabilities).
  - Experience in vulnerability analysis on web applications, APIs, microservices.
  - Proficiency with SAST/SCA tools and their integration into CI/CD chains (ideally GitLab CI/CD).
  - Good understanding of AWS environments (IAM, KMS, Secrets Manager, GuardDuty, etc.), and Infrastructure as Code (Terraform).
  - Awareness of privacy/personal data management (GDPR, encryption, anonymization).
- Behavioral Skills:
  - Strong appetite for multidisciplinary teamwork, advisory posture.
  - Pedagogy, initiative, and curiosity about emerging AI risks.
  - Rigor, autonomy, reporting skills.
Key skills/competency
- Application Security
- DevSecOps
- AWS Security
- SAST/SCA
- CI/CD Integration
- Vulnerability Management
- Secure Coding Practices
- Risk Analysis
- AI/ML Security
- OWASP Top 10
Skills & topics
- Application Security Engineer
- AppSec
- DevSecOps
- AWS Security
- SAST
- SCA
- CI/CD
- Vulnerability Management
- Secure Coding
- Cybersecurity
- AI Security
- Data Security
- Microservices Security
- Cloud Security
- Software Development
How to get hired
- Tailor your resume: Highlight your application security, DevSecOps, and AWS experience using keywords from the job description.
- Showcase your projects: Detail any personal or professional projects demonstrating secure coding or vulnerability analysis skills.
- Prepare for technical questions: Be ready to discuss secure coding principles, OWASP Top 10, SAST/SCA tools, and AWS security concepts.
- Demonstrate collaboration: Emphasize your teamwork and advisory skills during behavioral interviews.
- Research Safran's mission: Understand their commitment to safety and innovation in aeronautics, space, and defense.
Technical preparation
- Master secure coding and OWASP Top 10 principles.
- Practice SAST/SCA tool integration in CI/CD.
- Familiarize with AWS IAM and security services.
- Understand Infrastructure as Code (Terraform).
Behavioral questions
- Describe a time you advised a team on security.
- How do you stay updated on emerging AI risks?
- Share an experience of collaborative, multidisciplinary work.
- How do you ensure rigor and autonomy in your tasks?
Frequently asked questions
- What is the primary focus of the Application Security Engineer role at Safran Analytics?
  - The primary focus is to integrate and champion application security best practices within the AI Factory's development workflows for AI & Data solutions, ensuring the security of applications, services, and AI agents developed and operated by the team.
- What is Safran Analytics' 'IA Factory'?
  - Safran Analytics' 'IA Factory' is the central hub for developing and protecting business data using advanced analytics, Machine Learning, and Generative AI. It's where innovative data-driven solutions are conceived, built, and secured.
- What is the expected level of experience for an Application Security Engineer at Safran?
  - We are looking for candidates with 2 to 4 years of experience in application security, specifically in securing AI/Data/SaaS projects. Prior experience with DevSecOps or public cloud environments like AWS is highly valued.
- Which cloud environment is primarily used, and what AWS experience is needed for this Application Security Engineer role?
  - The role operates within the AWS cloud environment. We require good foundational knowledge of AWS services such as IAM, KMS, Secrets Manager, and GuardDuty, along with familiarity with Infrastructure as Code (Terraform).
- How does Safran ensure security throughout the software development lifecycle in this role?
  - The Application Security Engineer will integrate tools like SAST and SCA into CI/CD pipelines, conduct risk analyses, manage vulnerabilities, and ensure adherence to security policies and standards, actively participating in the entire software lifecycle security.
- What behavioral competencies are important for this Application Security Engineer position?
  - Key behavioral competencies include a strong aptitude for multidisciplinary teamwork, a consultative approach, pedagogical skills, initiative, curiosity about emerging AI risks, rigor, autonomy, and effective reporting.
- Does Safran Analytics work with Agile methodologies?
  - Yes, the role involves working within an agile and dynamic environment, collaborating closely within a product SQUAD alongside data scientists, data engineers, developers, architects, and UX designers.
- What are the main responsibilities regarding vulnerability management for this Application Security Engineer?