Champion security-by-design: Advise and collaborate with development and infrastructure teams to embed security best practices from the start of every project.
Lead technical security reviews: Conduct in-depth code reviews (TypeScript, Node.js, Python) to uncover and remediate vulnerabilities.
Analyze third-party libraries and dependencies, including reverse engineering when needed.
Review Infrastructure-as-Code (Terraform) and multi-tenant AWS setups.
Drive security audits & testing: Plan and execute penetration tests and intrusion campaigns on systems, applications, and internal tools (CI/CD, authentication, etc.).
Propose actionable remediation strategies to strengthen our defenses.
Own security monitoring: Oversee and maintain our SIEM (ElasticSearch, multi-node Linux).
Develop automation tools and scripts for proactive threat detection and incident response.
Shape security culture: Help update policies and procedures, and raise awareness across teams through coaching, workshops, and communication.
Stay ahead of threats: Monitor emerging vulnerabilities and attack techniques, and recommend adaptive defense strategies.

Extensive technical experience in information security (typically 8+ years), with hands-on expertise in at least two of the following: code auditing (TypeScript/Node.js/Python), infrastructure security (AWS/Linux/Terraform), penetration testing, or SIEM management.
Deep understanding of secure development practices and modern web architectures (microservices, cloud/PaaS/SaaS).
Strong scripting ability (Python, Bash, etc.).
Experience with ElasticSearch in production environments.
Excellent communication and collaboration skills; ability to explain complex security concepts to diverse audiences.
Fluent English.
Nice-to-haves:
Experience with reverse engineering and analysis of minified/obfuscated code.
Knowledge of security standards (ISO 27001, OWASP, etc.).
Experience with GCP, Datadog, or Snowflake.
French language skills.

Technical Security Expert

Key skills