Application Security Engineer, Pennylane

Salary not provided
React
AWS
Kubernetes
JavaScript
Python
Ruby
Rails
Ruby on Rails
Mid and Senior level
Remote in France
Paris
Pennylane

Financial management & accounting platform

Job no longer available

501-1000 employees

Fintech, B2B, Bookkeeping, SaaS, Accounting, Automation

Company mission

To build the leading financial tool for European SMEs.

Role

Who you are

  • You are mid/senior level in defensive or offensive application security, are a quick learner and like to work on different projects. As a security team member at Pennylane, you’ll work on all security topics (application, cloud infrastructure, security by design, training, ISO 27001, etc.)
  • Working in an English-speaking environment doesn't scare you; you don't need to be bilingual. You need to be able to share your ideas and thoughts well in spoken and written English and to understand what is being said. If you need help with this, we can provide you with a Busuu subscription to improve your English immediately
  • You ideally have the following skills/experience ⏬
  • Able to perform offensive security assessments on an infrastructure or an application
  • You know how to exploit and fix a wide range of Web vulnerabilities (not just the OWASP top 10)
  • You already have experience in a programming language (Ruby, Python, JavaScript), either for quick and dirty scripting to exploit a vulnerability or for larger projects
  • You have experience in cloud infrastructure security
  • You are able to popularize technical terms to facilitate the adoption of security measures within projects or to broadcast messages to Pennylaners
  • You are autonomous, proactive and organized
  • Working with remote colleagues is not an issue for you
  • Bonus: if you have already developed in Ruby or React and/or if you have technical application security certifications. A multi-skilled profile will be preferred

What the job involves

  • We are looking for an Application Security Engineer to join Louis and Romain in the technical security team
  • Reporting directly to Guillaume, our Head of Information Security, you will be responsible for all technical matters involving security issues
  • Working with the security compliance team, you may be required to provide technical support to the team in the definition and monitoring of long-term projects designed to strengthen the security of our assets in a sustainable manner
  • You will have a key role in advising, assisting, informing, training and alerting all employees (especially developers)
  • You will also be responsible for the day-to-day management of technical operations in the context of ISO 27001 certification
  • Work on all technical security issues/projects while providing technical support on compliance needs
  • Apply security by design within projects by discussing the security risks with the teams
  • Be proactive about the security projects to be carried out, defining and prioritizing them
  • Ensure the security of the main Web application in Ruby on Rails and React: its dependencies, its code, its infrastructure and its configuration
  • Secure other applications and the AWS infrastructure, including its Kubernetes environment (AWS EKS), and maintain their security condition
  • Conduct and perform regular security assessments (internally or by an external firm) on the applications (code reviews/pentests/bug bounty in particular) and the infrastructure
  • Ensure compliance with ISO 27001 controls (processes) related to development (mandatory code practices, validation, patch management, vulnerability management, etc.) by training developers, monitoring projects (tech, product), conducting regular internal audits and managing tech non-conformities
  • Conduct code reviews from a secure development point of view (about 80 releases per day, not all of which have security implications, but it is an important and recurring topic)
  • Build/Improve secure development training materials and conduct regular training sessions with the developers
  • Contribute to tenders to explain our security policies and provide the necessary technical details
  • Learn about Rails and React to detect vulnerabilities during code reviews and implement associated patches
  • Strengthen the current means of detecting malicious attempts

Application process

  • You will first have a general chat with Thomas (Technical Recruiter): 30 min
  • Then you’ll meet Louis and Romain (Application Security Engineers) for a first introduction meeting, where you’ll also discover the technical challenge (30 min). You then carry out the technical challenge independently over the next 48h
  • Then you’ll discuss your solutions with Guillaume (Head of Information Security), Louis and Romain (1h)
  • Finally, a last culture fit meeting with one of our co-founders (30 min)
  • We make sure we move fast; you can expect the recruitment process with us to last between 15 and 25 days in total

Otta's take

Theo Margolius

COO of Otta

In multiple mature markets, companies have been using QuickBooks, Xero and other SaaS solutions for accounting, but it is a fragmented industry with each country using its own software solution. In France, there is no definitive SaaS solution for accounting.

Pennylane wants to overhaul current tools and modernise the tech stack of accounting firms, by connecting directly with third-party services that hold valuable information. Accounting firms can use Pennylane collaboratively by accessing the platform to centralise receipts, create invoices and automate tasks. Instead of sending information back and forth with spreadsheets and photo attachments, both clients and accounting firms can interact directly on the platform.

Pennylane has a significant market opportunity ahead, with an ambitious goal to become the preferred management platform for European companies. The company already claims 50,000 customers. A recent instalment of funding will allow the company to further develop its platform, looking at artificial intelligence for accountants, and expand to other markets in Europe.

Insights

Some candidates hear back within 2 weeks

25% employee growth in 12 months

Company

Funding (last 2 of 6 rounds)

  • Feb 2024: $43.5m (Series C)
  • May 2023: $32.1m (Series C)

Total funding: $166.8m

Company benefits

  • Work remotely from anywhere in Europe, as long as your contract allows you to
  • Company shares to enjoy a piece of the success story you're building with us
  • A budget to turn your home into a more comfortable workspace, as well as a monthly allowance to work from a coworking space whenever you feel like it
  • Access to 8000 fitness spaces in Europe and more than 300 activities related to wellness through our partner Gymlib
  • Access to Busuu to perfect your English or your French
  • The latest Apple equipment
  • Be part of a vibrant social community: we do lots of sports together (running, climbing...), we love to hang out and have a drink together (Thursday afterwork drinks on our rooftop is a usual thing)
  • Twice-a-year company seminars
  • Wonderful office in the center of Paris
  • 10 additional days off (to the 25 standard ones) for those based in France
  • Lunch credits (Swile card) to buy your favorite food every day, for those based in France
  • Great healthcare cover (Alan Blue) to take care of yourself and your family, for those based in France

Company values

  • Radical Trust
  • Supporting SMEs
  • Community of Builders

Company HQ

Chaussée-d'Antin, Paris, France

Founders

Arthur Waller

(Co-founder & CEO)

Founded PriceMatch in 2012, and progressed from Product Owner to Senior Product Owner at Booking.com between 2015-2018. Co-founded Pennylane in 2020.

Felix Blossier

(Co-founder & COO)

Founding Partner of PriceMatch in 2012 and experience as Director General of the French Treasury from 2018-2020. Co-founded Pennylane in 2020.

Alexandre Roquoplo

(Co-founder)

Extensive history in finance since 2013. Founded OneCPA in 2018 before co-founding Pennylane in 2020.

Tancrède Besnard

(Co-founder & CPO)

Co-founded PriceMatch in 2012. Experience as Product Manager for Booking.com between 2016-2018, and current advisor for Predictus. Co-founded Pennylane in 2020.

Diversity & Inclusion at Pennylane

Katie Sukholeyster (Talent Acquisition Team Lead)

  • We continuously provide unconscious bias training for all the team members
  • The whole company successfully attended a D&I Workshop
  • Pennylane is part of the Pact Parite Agreement
  • We write job descriptions very carefully and we strive to do our best in ensuring everyone can feel welcome to apply to Pennylane
  • We strive for full diversity and closely monitor our recruiting efforts through metrics and data
  • We provide Mental Health support through our wellness initiatives and benefits to support our team members
  • We are working with D&I Community partners to create valuable and actionable content
  • Pennylane partners with Ada Tech School to provide support and training for the students
