Senior Security Engineer Fullremote

Swile (swile.co) is a French start-up created in 2017 by French serial entrepreneur Loïc Soubeyrand : Swile offers digital solutions for employee rewards and benefits (meal/food vouchers and corporate gifts) through a card and an app that also helps foster engagement. We disrupted the traditional and outdated French paper meal voucher market and were able to gain significant traction. After mastering meal vouchers, Swile is now tackling new rewards and benefits (meal vouchers, corporate gifts, transportation and commuter benefits, vacation allowances and more) that will be stored and managed via a single account, card and app.

Our ambition is to enable employers to also improve their employees' engagement and experience by recognising key moments and milestones of their lives at work. As such, celebrations (birthdays and work anniversaries), money pots, team events, P2P payments among coworkers are brought together in a single app.

As of today, we have raised €11 million (Series A) in 2018, €30 million (Series B) in 2019 and more recently, we completed a third round of fundraising (series C) of €70 million, spearheaded by Index Ventures. After an in-depth study of the growth potential for Swile across global markets, the company is poised to expand into the Brazilian market this year as Brazil is the world's largest employee benefits market and more generally the perfect place to develop our new HR features namely our "Engagement" offer.

Job description

At Swile, the Innovation department (80 tech) is divided into 14 feature teams spread over our 4 Tribes :

• Corporate (our clients; B2B companies)
• Employees (our users; employees who use our app and the Swile card)
• Affiliates (our affiliate partners; restaurants / GMS brands / marketplace / e-commerce site, etc.)
• Core (our cross-functional teams; security, finance, payment, engineering efficiency, platform & secops, etc.)

Our technology is mainly made up of web developers experienced in Ruby / Ruby-on-Rails (40%) and JS Node & React (60%) technologies and frameworks, fullswift iOS mobile side and fullKotlin Android.

The Swile platform is made up of several web applications and micro-services, each of which has its own database and API. Our infrastructure is hosted on AWS and described in Terraform. We are starting a migration of all our servers to Kubernetes⚙️

Joining Swile means working on a service with very high potential, which is deployed internationally (LATAM), and which involves real technical challenges; scalability, user traffic, B2B2C, payment…

• Our IT relies on a fleet including macOS, Windows workstations, an Azure ADDS, MDM and collaborative tools like Google Workspace
• We are looking for our first Senior Security Engineer !

Your team: Attached to the CORE Tribe, you will join our Platform & SecOps Team (5 tech: 3 Devops/SRE, 1 Engineering Manager and 1 Security trainee). Your team is engaged to design, build and operate our cybersecurity immune system in a context where we must combine the security level of a bank with the agility of a scale-up.

Your role: Build and operate our offensive and defensive cyber security strategy. As we scale our company quickly, we need to adapt our security architecture to emerging threats, technologies and regulations. You will be responsible for implementing our security roadmap and monitoring every action in the field. As a leader and educator of best practices, you are able to give advice to teams but also to contribute to the whole security lifecycle: collecting threat intelligence, defining and implementing security policies, offensive testing, monitoring and incident response.

Your mission :

• Anticipate threats and gather intelligence
• Automate security controls and monitor systems
• Offensively test our systems (pentest, social engineering, red/blue team)
• Manage security incident response and forensic
• Animate security communities and participate to security awareness
• Taking part or/and leading one of our "guild" (community of developers around specific stack).

Preferred experience

• +3 years on security engineering
• A first experience in software engineering, IT management, security auditing, or DevOps / SRE is interesting
• Master a scripting or a development language
• One or more superpowers in AppSec (Ruby, nodejs), ITSec (Google, Mac, Windows, AD) or SecOps (AWS, kubernetes) are appreciated
• A practice in ethical hacking (offensive testing, OSCP like certification, bug bounty, CTF, …)
• A love for security challenges, problem-solving and a strong attention to detail with an analytical mind
• An obsession with automation

Recruitment process

• Video screen: 20-30 minutes (Tech Recruiter x candidate) with Julien
• Hiring manager interview: 1 hour (evaluation of soft/hard skills, teamfit, background, team/job information) with Edouard DEVOUGE & Senior Tech Recruiter
• Tech case: 1h30 case study and tech, tools, method & organization questions
• Swil'Interview: 45 minutes / During this stage all our Swilers can be called upon and contribute to the assessment of the skills of our candidates (focus on culture and values). The interviewers will be able to meet the candidates without cognitive bias and have constructive feedback on their interpersonal skills and know-how. Involving all of our employees in the success of our recruitments is an integral part of our culture and our values
• Final Round: 45 minutes / CTO or Tribe Director Interview