Senior DevSecOps Engineer

Job Description — Senior DevSecOps Engineer (Offensive Security Focus)Location: Hybrid (Paris) or Remote (France/Europe)Department: Cybersecurity / DevSecOpsSeniority: Senior / ExpertDuration: 1 year (renewable)Contract: Full-time (Freelance)About the roleWe’re looking for a Senior DevSecOps Engineer with a strong Offensive Security mindset to elevate our application security across the full SDLC. You’ll combine hands-on penetration testing skills with modern DevSecOps practices to find real-world risks, automate security controls, and help engineering teams ship secure software faster.You’ll work closely with developers, cloud/platform teams, and architects to integrate security into CI/CD, strengthen cloud-native workloads, and build a strong secure engineering culture.What you’ll doOffensive Security / Application SecurityPerform targeted penetration tests on web, API, mobile, and cloud-native applications.Conduct threat modeling and adversarial analysis on critical services.Identify, exploit, and validate vulnerabilities to assess real impact and exploitability.Perform secure code reviews (manual and tooling/AI-assisted).DevSecOps IntegrationImprove SAST, SCA, DAST, IaC, and container scanning in Azure DevOps pipelines (Snyk experience is a major plus).Automate security gates and enforce quality thresholds in CI/CD.Build custom security checks, scripts, and DevSecOps automations.Improve developer workflows by providing secure coding guidance and actionable fixes.Secure SDLC & Continuous HardeningRun security reviews for new applications and major releases.Support Security Champions and coach development teams.Participate in incident response and post-mortems for security issues.Collaborate with Cloud Security on posture management and remediation.Security Automation & AIDevelop or tune AI agents to support vulnerability analysis and remediation.Automate correlation of findings across tools (SAST/SCA/Cloud).Contribute to internal security dashboards and metrics (Power BI, API integrations).What we’re looking forRequired experienceStrong track record in application penetration testing (OWASP Top 10, API attacks, auth bypass, RCE, business logic flaws).Strong understanding of secure coding (C#, Java, JS/TS, Python, etc.).Familiarity with DAST tools plus manual exploitation techniques.Deep knowledge of authN/authZ (OAuth2, OIDC, JWT).Strong grasp of DevSecOps architecture and SDLC best practices.Hands-on experience with:Azure DevOps pipelinesAzure Cloud (App Services, Functions, IAM, Storage, Key Vault)Container security (Docker, Kubernetes basics)Snyk (SAST/SCA/IaC/Cloud) (highly valued)Tooling & frameworksBurp Suite, ZAP, Nmap, Postman, Metasploit, custom scripts.Threat modeling methods (MITRE ATT&CK, STRIDE).Source code review with or without tooling.Soft skillsAbility to challenge designs and architectures from an attacker’s POV.Clear communication with technical and non-technical stakeholders.Strong ownership, mentoring mindset, and leadership on security topics.Analytical thinking, problem-solving, pragmatism.Nice to haveCertifications (preferred, not required): OSWE / OSCP / OSEP / GWAPT, AZ-500 / AZ-400 or similar.Experience in large enterprise environments.Experience with AI-assisted AppSec tooling and workflows.Why join usHigh-impact role with real ownership over AppSec and DevSecOps practices.Modern cloud-native stack (Azure) and a strong focus on automation.Opportunity to blend offensive security with engineering enablement and AI-powered security.