Senior Security Engineer

Our mission
? Creating the freedom for SMEs to succeed in business and beyond, by delivering Europe's leading finance workspace. We combine business-class tools (seamless invoicing, spend management, and pre-accounting) with unwaveringly attentive 24/7 support, designed to help businesses breeze through all things finance.

Our journey:
Founded by Alexandre and Steve in July 2017, Qonto has rapidly gained trust, serving over 600,000 customers. Thanks to our wonderful team of 1,600+ Qontoers, we also made it to the LinkedIn Top Companies French ranking

Our values:
Customer focus |
Prioritize customers in everything you do

Ownership |
Own your part, get things done

Teamwork |
Make (team)work easy

Mastery |
Continuously raise the bar

Integrity |
Always do what's right, and respect people

Our beliefs:
At Qonto, we're committed to fostering a welcoming environment where everyone can thrive. We prioritize evaluating applicants based solely on skills and potential, ensuring diversity with 55% international team members, 44% women, and 20% parents. Join us in building a workplace that celebrates diversity and individuality.

Discover the steps we took to create a discrimination-free hiring process.

Mission:
Join us as a
Security Engineer
to protect our company and our clients while adopting a pragmatic approach to security that enables us to scale the business safely and rapidly as we start the journey to become a Credit Institution

Impact:
As a
Security Engineer
, you will work on keeping Qonto's systems and applications bulletproof. You will audit our applications, find creative ways to abuse and secure our infrastructure, and work on exciting security features to protect our growing user base.

You will join our security team led by Ayoub, our Security Director. You will report directly to Pierre, our Security Team Lead, and join a team composed of 8 Security Engineers.

As a Security Engineer at Qonto, you will

• Apply your strong security expertise to secure our exciting tech stack: AWS, Kubernetes, Kafka, MacOS, Golang, and so on…
• Leverage your threat modeling knowledge to shape the roadmap of the team and prioritize the most impactful projects.
• Develop and implement internal tools to find security vulnerabilities, mitigate them, and detect suspicious behavior.
• Work with product and developers during system, code, and design reviews to ensure that Qonto's applications are built according to top security standards.
• Share your knowledge with the team through everyday feedback and internal training.
• Investigate security incidents and perform forensics analysis.
• Enrich your security expertise and contribute to making Qonto an increasingly reputable company in the InfoSec domain.

What You Can Expect

• Spend time designing robust and scalable solutions. The security team at Qonto "does tech": they build the systems on AWS, pair with developers on Go apps, and work closely with the infrastructure team on Kubernetes,
• Collaborate with other teams from Developers to Ops engineers: be a part of a team that doesn't just "create tickets" but directly contributes to improving the system.
• Contribute with autonomy in the security of the system: identify vulnerabilities, perform PoC, build mitigation, and detection rules.
• Grow your career: the team is relatively small and in construction, so there are a lot of opportunities and things to do

Your future manager
Your future manager will be Pierre, who is in charge of the Security team

His Background?
He started his career performing internal pentests for banks or European institutions. He switched to the Blue side by joining Qonto as the first security engineer and laid the foundations for many security systems like our monitoring and detection system or the web application firewall.

What does he bring to the team?
Together with the team, they approach security issues from first principles, break down the threat model, and find innovative ways of solving hard security problems without compromising the flexibility and productivity of employees and customers.

About You
Experience
: You are familiar with common attack scenarios, either through your experience as a pentester or auditor or as part of a blue team working in a Cloud-based environment.

Mastery:

• Cloud experience (AWS, GCP, or similar cloud provider) - MANDATORY: You must have hands-on experience working with cloud infrastructure
• Programming skills - MANDATORY: You are able to code and build solutions (Python expected, Golang is a plus, or any language demonstrating strong development capabilities)
• You have a strong knowledge of how web applications and internet work and of secure coding best practices and OWASP
• You are able to recognize application and system vulnerabilities and exploit them.
• You know how to safely orchestrate deployments on CI/CD pipelines (handling secrets, avoiding cache poisoning, isolating jobs, etc.).
• You know how to investigate security incidents using forensics tools.

Mindset
:

Problem-solving
: You are pragmatic and solution-oriented.

Continuous improvement
: You can and are willing to learn about technologies you may not yet master (Kafka, Swift on iOS, Golang, etc.)

Curiosity
: You are curious, open-minded, and passionate about information security. You are reasonably up to date about current threats and actively exploited systems, plus you are ready to learn about new technologies and new tools.

Teamwork:
You have good communication skills and know-how to work with a team.

Languages:
You are fluent in English.

At Qonto we understand that true diversity isn't just about ticking boxes on a hiring checklist. Apply regardless of the boxes you tick Who knows? You may have the missing piece of the puzzle we've been searching for all along
Perks
A tailor-made and dynamic career track. An inclusive work environment. And so much more to help you succeed.

• Offices in Paris, Berlin, Milan, Barcelona, and Belgrade;
• Competitive salary package;
• Meal vouchers;
• Public transportation reimbursement (part or global);
• A great health insurance (depending on the country);
• Employee well-being initiatives: access to Moka Care to take care of your mental health and great offers for sports and wellness activities;
• A progressive disability and parenthood policy (1 in 6 of Qonto employees is a parent) and childcare benefits with selected partners;
• Monthly team events.

Our hiring process:

• Interviews with your Talent Acquisition Manager and future managers
• A remote or live exercise to demonstrate your skills and give you a taste of what working at Qonto could be like

Find more information about our interview process on our careers website.

On average, our process lasts
20 working days
and offers usually follow within
48 hours

To learn more about us:

Qonto's Blog | Les Échos I L'Usine Digitale | Courrier Cadres

To know how your personal data will be processed during your application process or to request its deletion, please click here.