Senior Application Security Engineer

Are you looking to have an impact on the daily life of millions of entrepreneurs in France (and tomorrow in Europe)

Are you looking for a work environment that values trust proactivity and autonomy

Then Pennylane is the right place for you !

Our vision

We aim to become the most beloved financial Operating System of French SMEs and Accounting Firms (and soon European ones).

We help entrepreneurs rid themselves of time-consuming tasks related to accounting and finance while providing them with access to key financial information to assist in making the best decisions for their business.

About us

Pennylane is one of the fastest growing Fintechs in France (and soon to be in Europe!)

In 5 years of existence weve managed to :

Make ourselves known as a groundbreaking accounting and financial software for small businesses and their accountants

Raise a total of 359 millions including from Sequoia the famous fund from the Silicon Valley who invested early in companies like Google Facebook Airbnb Stripe Paypal and much more...

Grow from 7 cofounders to 1000 happy Pennylaners : were now recognized as one of the greatest places to work in France (and also remotely) with a 4.6/5 rating on Glassdoor.

Build an international environment with more than 25 nationalities with a strong remote-friendly culture where 30% of the employees are already working from all parts of Europe

Earn the trust of thousands of customers and accounting firms and obtain outstanding ratings

Already more thansmall and medium-sized enterprises (SMEs) and over 6000 accounting firms use Pennylane in France!

Team and environment

As we keep on growing (500 people joined Pennylane in 2025!) were seeking an Application Security Engineer to join Louiss team of 5. Youll handle all technical security matters support ISO 27001 compliance and advise employeesespecially developerson security best practices.

The technical security team manages security issues from detection to resolution collaborating with developers and Security Champions when needed.

Your tasks

Security by design : ensure the security of Pennylanes application and infrastructure

• Engage with Product Team to integrate security in our features from from the beginning from design to delivery

• Ensure the security of the main Web application written in Ruby on Rails and ReactJS: its dependencies its code its infrastructure and its configuration

• Conducting code reviews from a secure development point of view (about 80 releases per day).

• Detect vulnerability and propose associated patches

• Raise the security level of our CI/CD configuration

• With the DevOps team secure our AWS infrastructure including its Kubernetes environment (AWS EKS)

Vulnerability Management

• Conduct and perform regular security assessments (internally or by an external consulting companies) on the applications (code reviews/pentests/bug bounty in particular) and the infrastructure

• Strengthen the current means of detecting malicious attempts

• Be involved in all security incidents investigate logs block attacks and propose corrective measures to prevent future threats.

Compliance & awareness

• Ensure compliance with ISO 27001 controls (processes) related to development (mandatory code practices validation patch management vulnerability management etc.) by training developers monitoring projects (tech product) conducting regular internal audits and managing tech non-conformities

• Build/Improve secure development training materials and conduct regular training sessions with the developers. Engaging them in our Security Champions program

• Improve the security awareness through the company

• Contribute to tenders to explain our security policies and provide the necessary technical details

These missions are not exhaustive and remain evolving.

Youre the right candidate if

You ideally have the following skills/experience:

• Able to perform offensive security assessments on an infrastructure and an application

• You know how to exploit and fix a wide range of Web vulnerabilities and are able to explain them to non-technical person (not just the OWASP top 10)

• You already have an experience in a programming language (Ruby Python JavaScript) either for quick and dirty scripting to exploit a vulnerability or for larger projects

• You have an experience in cloud infrastructure security

• You are able to popularize technical terms to facilitate the adoption of security measures within projects or to broadcast messages to Pennylaners

• You are fluent in French and/or English (both oral and written)

Your soft skills :

• You are humble

• You are a team player and working with remote colleagues is not an issue for you

• You are proactive and organized

• You are a quick learner and you like to work on different projects (application security cloud infrastructure training ISO 27001)

What does the recruitment process look like

• You will first have a general chat with Alexandre Talent Acquisition (30min)

• Then youll meet Louis (AppSec Team Lead) and 1 team member for a technical interview (1h)

• You carry out independently the technical challenge for the next 48h

• Then youll discuss about your solutions with Louis and another team member - (1h)

• Finally a last culture fit meeting with Guillaume Head of Security (1h)

We make sure we move fast; you can expect the recruitment process with us to last between 15 and 25 days in total.

What do we do to make your work life easier

Wherever you are based you will get 25 vacations days paid by Pennylane

Youll have a competitive compensation package

Youll get company shares to enjoy a piece of the success story youre building with us

Youll have a budget to turn your home into a more comfortable workspace as well as a monthly allowance to work from a coworking space whenever you feel like it

Through our partner Gymlib youll have access to 8000 fitness spaces in Europe and more than 300 activities related to wellness

Youll get the latest Apple equipment

Depending on the teams and the requirements of the position - youll be able to work remotely from your country of residence as long as it is in Europe and within a maximum time difference of two hours from the CET time zone

We are committed to regularly coming together for company events such as Tech Days (which bring remote Pennylaners together every 3 months) or our annual company seminar fostering significant moments of cohesion for everyone.

If you are based in France you will have a French contract following French regulation on top of the additional perks : 6 to 12 RTT 5 weeks PTOs lunch credits (Swile) Alan Blue healthcare cover and regular events in cities where Pennylaners are mostly presents (Lyon Bordeaux Nantes)

Were working on providing those last advantages to our people based outside of France as well but it can be quite more complex depending on different countries.

Who are we looking for

To thrive at Pennylane you need :

-To speak English (level is assessed and appreciated according to the department youre applying to)

-To be energized by an ever-shifting work environment

-To be highly collaborative (within your team or other stakeholders)

-Sufficiently experienced to prioritize business-led actions on your day to day activity

We know that some people are less likely to apply than others if they dont feel like they meet the full list of criteria.

If youre hesitating we encourage you to apply : who knows it might be the start of a meaningful and long-lasting collaboration.

Important information for candidates

Recruitment scam attempts are on the rise. We invite you to remain vigilant during your exchanges.

Applications through official channels only : apply exclusively through our job postings published on our official platforms (career site official partner pages).

Always verify the senders email address: our communications are sent from professional email addresses with the domains @ or @

We will never ask you for payment or financial information

(bank details payment for an interview equipment purchases etc.) as part of the recruitment process. If such a request is made to you it is fraudulent. We invite you to not respond and to report it to us immediately.

We also want to emphasize that we fully embrace diversity equity and inclusion and that were doing our best to create a safe and inclusive environment.

We are committed to providing an equal employment opportunity regardless of gender sexual orientation origin disabilities or any other traits that make you who you are. If anything diversity makes us a more fun place to work at.

Données personnelles

Pennylane traite vos données pour gérer votre candidature et évaluer votre adéquation au poste. Si votre candidature naboutit pas vos données peuvent être conservées 2 ans à compter de notre dernier échange ou de la clôture du recrutement afin de constituer & gérer un vivier de candidats. Vous pouvez vous opposer à tout moment et demander la suppression de vos données en écrivant à :
Notre data policy

Personal Data

Pennylane processes your data to manage your application and assess your suitability for the position. If your application is unsuccessful your data may be retained for 2 years from our last exchange or the closing of the recruitment process in order to build and manage a candidate pool. You may object at any time and request the deletion of your data by writing to . Learn more

Personenbezogene Daten

Pennylane verarbeitet Ihre Daten um Ihre Bewerbung zu bearbeiten und Ihre Eignung für die Stelle zu beurteilen. Sollte Ihre Bewerbung nicht erfolgreich sein können Ihre Daten bis zu 2 Jahre ab unserem letzten Austausch oder dem Abschluss des Rekrutierungsverfahrens gespeichert werden um einen Kandidatenpool aufzubauen und zu verwalten. Sie können jederzeit Widerspruch einlegen und die Löschung Ihrer Daten beantragen indem Sie an schreiben. Mehr erfahren

Required Experience:

Senior IC