Information Security Engineer

Alan is the healthcare super-app offering personalised healthcare & wellbeing to our members.

Founded in 2016 by Jean-Charles Samuelian and Charles Gorintin, Alan is the first independent digital health insurance in France since 1986.

By providing our members with delightful health insurance bundled with innovative healthcare services, Alan's long-term goal is to help all people have a personalized and accessible healthcare experience.

As of today, Alan covers more than 250,000 members, representing over ?160m+ of annualized revenue. We recently raised a further ?185m in a series D funding round bringing the company's total valuation to ?1.4bn. The team is 450+ people and growing. We recently landed in Spain and Belgium , and guess what: the best is yet to come!

How we do it?

At Alan, we have a set of cultural values that guide our approach to work:

• Members first. We put our members first, our team second, our shareholders third.
• Distributed Ownership. We empower everyone to make courageous decisions and to work asynchronously.
• Radical Transparency. We take all our decisions in writing and adopt a direct and honest style of communication.
• Personal & Team Growth. We are self-improving whilst helping others grow. We're no ego-doers and we all edit the company.
• Fearless ambition. We shoot for the moon and work backwards. We push for excellence by focusing on uncomfortable A+ problems.
• Underrepresented folks...

Science shows that you are less likely to apply if you feel you don't have all the necessary prerequisites. If this description matches where you are now or what you'd like to grow into in your next position, we encourage you to apply.

We strive to make our culture as inclusive as possible and believe both the company and its culture are strongest when composed of diverse experiences and backgrounds.

• We have an open salary & equity policy combined with a transparent career path: we base our people decisions on objective criteria.
• We have flexible working hours and leave policy.
• We trust people to work remotely
• We extended the length of parental leave and value this time as professional experience.
• We respect our coworkers gender identity and use their names, pronouns and agreements no matter their legal status.
• We make tough decisions if we see discriminatory remarks.

Information Security at Alan

• We do security as we do everything else - that is, not quite the traditional way, but always in line with our leadership principles.
• We're members-first: the protection of privacy is integral to our promise of obsessing over member delight. Members entrust us with a sensitive and intimate area of their life: their health. We commit to deserving, earning, and retaining their trust. We aim at being thought leaders and best-in-class when it comes to effectively protecting the security of our members' data.
• We're radically transparent: we say what we do and we do what we say. We're not shy of sharing our failures and our opportunities to improve as well as our successes.
• We distribute ownership: we give every Alaner a lot of trust, great powers, and great responsibility. We favor empowerment over restraint. We hold ourselves individually and collectively accountable, rather than relying on bureaucracy and gatekeepers that add friction without actually addressing risks.
• We're fearlessly ambitious: we make bold bets and we're happy to take (smartly calculated) risks. We shoot for the moon, and when we fail we walk away with new learnings.

What you'll be doing

The Security function at Alan went from 0 to 1 over the past 2 years. We are now pivoting it from 1 to n.

By joining the team, you will contribute to bringing Alan's Security and Privacy frameworks to the next level, in line with the industry's best practices and standards, so that the company is recognized as best in class.

Working side by side with the DPO task force and you'll maintain close collaboration with members of other communities (Engineering, Data, Customer Care, Product, Insurance, Operations, Corporate...), with an impact on the entire company and beyond.

Non-exhaustive list of responsibilities:

• Participate in building and running the security organization
• Risk assessment
• Definition, documentation, and implementation of Alan's security posture, policies, and procedures
• Security and data protection audits
• Generating and maintaining useful, structured, and reusable documentation
• Security Ops

Improve Alan's security

• Remove blind spots on our own vulnerabilities
• Provide input and support to product teams and track progress on identified opportunities for improvement
• Provide expert support to other communities
• Support Product, Eng, Ops
• Review product briefs and proposals
• Advise on feature framings
• Review code and changes impacting sensitive areas
• Assist communities in the security aspects of supply chain management
• Is it you we're looking for?
• We're looking for a pragmatic and hands-on experienced security engineer (6+ years) willing to do security differently.

Here are the hard skills that we will help you being successful in the role:

Solid general technical culture in network and cloud infrastructure:

• TCP/IP networks
• UNIX/Linux
• Web applications (front & back)
• At least one cloud infrastructure provider (AWS, GCP, Azure...)

Solid security expertise:

• Cryptography
• Identity and access management
• Technical vulnerabilities (at least OWASP Top 10) and how to mitigate them

Software development: although this isn't a software engineer profile, we seek candidates who can:

• understand and review code to suggest secure design options and surface vulnerabilities
• build and integrate tools
• code scripts to automate security-related activities.
• English is our daily work language
• Perks & Benefits

At Alan, we believe that being in good health is a basic need, and it starts with our employees. This is why Alaners are provided with a stimulating environment and perks for them to be happy, efficient and spend only high-quality time with co-workers.

Therefore, we offer:

• Flexible Office. Amazing office space in the headquarters, sponsored co-working hubs or a full-remote experience for those who want, with home office equipment sponsorship.
• We reward fairly. Competitive Salary and generous equity packages
• All the tools you need. Top of the range equipment: Macbook Pro, keyboard, laptop stand, monitor, and Bose noise-cancelling headphones
• Flexible vacation policy. Alaners can organize their time off as they wish.
• Delightful healthcare insurance. Extremely comprehensive health insurance - 100% of the contribution covered by Alan for you and your family.
• Transport. Country-specific commuter benefits
• Learning & Training opportunities. A very flexible Training policy at Alan, free books and budget to attend and speak at conferences if the opportunity arises
• Parental leave. Extended parental leave for all new parents.
• Check out our Medium & blog for more info: https://medium.com/alan / https://blog.alan.com/