Associate Security Engineer

Spendesk
Paris, France
14 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Paris, France

Tech stack

Bash
Static Program Analysis
Code Review
Computer Security
Continuous Integration
DevOps
Elasticsearch
Identity and Access Management
Python
Log Analysis
Open Web Application Security
PCI Data Security Standards
Runbook
Secure Coding
Web Application Security
Security Information and Event Management
Software Vulnerability Management
Scripting (Bash/Python/Go/Ruby)
Okta
Gsuite
Terraform
ELK
Vulnerability Analysis

Job description

We're building a dedicated Security Engineering function. You'll join alongside a Senior Security Engineer and together form the operational security backbone of the engineering organisation.

Your Mission

You'll be hands-on across vulnerability management, access controls, monitoring, and secure development support. You'll work closely with a Senior Security Engineer who'll mentor you and help you grow, while partnering day-to-day with Infrastructure and product engineering teams.

This is a hands-on engineering role, not a dashboard-watching SOC seat or a governance one: you'll build, fix, and improve, while a separate team owns policy and risk frameworks. You'll learn fast and ship real security improvements from week one. If you like fixing things, digging into alerts, and making systems harder to break, you'll thrive here.

You will sit at the intersection of two domains: as a security engineer, your impact will be directly measured by how effectively you translate second-line-of-defense guidance (from the Compliance and Regulatory team) into practice, while ensuring technical alignment and buy-in from the Product and Engineering organisation you are part of., Vulnerability & incident management

  • Triage vulnerabilities from our bug bounty program, scanners, and dependency checks.
  • Support incident response: develop fixes, track resolution, update tickets, and contribute to post-mortems.
  • Monitor and process security alerts from our SIEM and other monitoring tools.

Identity & access management

  • Implement and maintain SSO/MFA configurations for product and infrastructure systems, leveraging Okta and Google Workspace to manage downstream access rights.
  • Implement roles and access rights per tool and system.
  • Run periodic permission reviews and access audits.
  • Manage production secrets and credential rotation.

Secure development support and tooling

  • Run pre-deployment security checks: static analysis, dependency scanning, container image scanning.
  • Flag issues in code reviews when security patterns are violated.
  • Help engineers understand and fix security findings.

Monitoring & detection

  • Monitor SIEM alerts, investigate suspicious activity, and escalate when needed.
  • Maintain and tune detection rules under guidance from the Senior Security Engineer.
  • Help operate and maintain SIEM infrastructure (ElasticSearch, log collection pipelines).

Security operations

  • Support pentest coordination: prepare test environments, track remediation items.
  • Maintain documentation on security procedures and runbooks.

Requirements

Must-haves:

  • Foundational experience in security engineering, SOC, or a DevOps/SRE role with a strong security focus, eager to deepen across the security stack.
  • Solid understanding of web application security (OWASP Top 10, common attack vectors).
  • Hands-on experience with at least two of: vulnerability scanning tools, SIEM/log analysis, IAM systems (Okta, Google Workspace), or CI/CD security tooling.
  • Comfortable scripting (Python, Bash, or similar) to automate repetitive security tasks.
  • Collaborative mindset: you work across many teams and communicate security issues clearly and constructively. Rather than binary allowed/forbidden calls, you assess and articulate risk through a severity and likelihood lens, bringing teams along instead of acting as a blocker.

Nice-to-haves:

  • Experience with AWS security (IAM policies, Security Hub, GuardDuty).
  • Familiarity with ElasticSearch / ELK stack.
  • Exposure to infrastructure-as-code (Terraform) and container security.
  • Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI-DSS): not as an auditor, but enough to understand why controls exist.
  • Experience in fintech or a regulated environment.

As we are an international team, please submit your application and CV in English.

About the company

At Spendesk, we're building the leading spend management platform for modern businesses, processing billions of euros across Europe and beyond. Security is at the heart of what we do: our customers trust us to safeguard their financial data, and we're committed to raising the bar for security in fintech., Spendesk is the AI-powered spend management and procurement platform that transforms company spending. By simplifying procurement, payment cards, expense management, invoice processing, and accounting automation, Spendesk sets the new standard for spending at work. Its single, intelligent solution makes efficient spending easy for employees and gives finance leaders the full visibility and control they need across all company spend, even in multi-entity structures. Trusted by thousands of companies, Spendesk supports over 200,000 users across brands such as Payfit, Accor, Welcome to the Jungle, Swile, Big Mamma, Malt and Yousign. With offices in the United Kingdom, France, Spain and Germany, Spendesk also puts community at the heart of its mission., We believe that people do their best work when they're given the freedom to thrive and grow. That's why liberation is at the core of everything we do. We empower Spendeskers to take ownership of their work, to navigate ambiguity, and seize every opportunity. Spendeskers come from all over the world (35+ countries and counting!) but we have plenty in common: we're bold, ever-curious, committed to kindness, and tackle every challenge with a positive mindset.

Apply for this position