Application Security Engineer
@ Pennylane

Hybrid
€90,000
Full Time
Posted 24 days ago

Job Details

About Pennylane

Pennylane is one of the fastest-growing fintechs in France and soon in Europe. We help entrepreneurs simplify accounting and finance, and have raised €225 million from investors like Sequoia. With over 800 employees from 25+ nationalities, we provide a remote-friendly, diverse work environment.

Our Vision & Mission

We aim to become the most beloved financial Operating System for French SMEs and Accounting Firms, empowering entrepreneurs with key financial information for smart decisions.

Role: Application Security Engineer

Join Romain, Sylvain and the security technical team under the leadership of Guillaume, our Head of Information and Security. In this role, you will collaborate with the compliance team to define and oversee projects that enhance security. You will be responsible for advising, training, and acting as the security reference for all employees, particularly developers. You will also manage technical operations related to ISO 27001 certification including audits, patch management, and security reviews.

  • Participate in Security By Design assessments for new features.
  • Ensure web application security for Ruby on Rails and React applications.
  • Maintain security of applications and AWS infrastructure including Kubernetes (EKS).
  • Conduct audits, code reviews and pentests to maintain ISO 27001 compliance.
  • Develop training materials and lead sessions on secure development.
  • Strengthen detection and response capabilities for technical and fraud threats.
  • Contribute to proposals by detailing security policies and technical aspects.

Candidate Profile

If you are experienced in application security with a strong grasp of offensive and defensive techniques, and proficient with Ruby, Python or JavaScript, you might be the right candidate. Good communication in English is required. Bonus if you have experience in Ruby or React development or hold security certifications.

Recruitment Process

  • Initial chat with Technical Recruiter Maxime (30 min).
  • Team discussion with Louis and Romain/Sylvain (30 min).
  • Complete a technical challenge within 48 hours.
  • Review exercise with the team (1 hour), then meet Head of Information and Security (40 min).
  • Final cultural interview with a co-founder (30 min).

Benefits & Work Perks

  • Remote work from anywhere in Europe (within CET time difference).
  • 25 vacation days with additional perks for those in France.
  • Competitive compensation and company shares.
  • Budget for home office setup and coworking spaces.
  • Access to Gymlib fitness spaces and Busuu language improvement.
  • Latest Apple equipment and regular company events.

Key skills/competency

Application Security, ISO 27001, Code Review, Pentest, AWS, Kubernetes, Ruby on Rails, React, Security By Design, Compliance

How to Get Hired at Pennylane

🎯 Tips for Getting Hired

  • Customize your resume: Highlight relevant application security expertise.
  • Emphasize certifications: List security certifications and projects.
  • Align with culture: Showcase trust, autonomy, and proactivity.
  • Prepare for interviews: Practice technical scenarios and ISO audits.

📝 Interview Preparation Advice

Technical Preparation

  • Review ISO 27001 controls and audit techniques.
  • Practice Ruby on Rails and React security measures.
  • Study AWS EKS and Kubernetes hardening procedures.
  • Revisit web vulnerability exploitation and patching.

Behavioral Questions

  • Describe a time you solved a security crisis.
  • Explain your method for handling audit findings.
  • Discuss working collaboratively with cross-functional teams.
  • Share experience managing tech non-conformities.
