Application Security Engineer F/M

Lyreco GroupThe Lyreco Group is the European leader and the third largest distributor of workplace products and services in the world. A specialist of the work environment, Lyreco's expertise covers all workplace needs: office supplies, stationery, office...Are you excited for your new career adventure?At Lyreco, we offer more than just a job, but a career! Our IT Team is looking for a talented and ambitious new Application Security Engineer F/M to join our team in HQ in Marly (59).With more than 12,000 employees, Lyreco directly operates in 25 countries in Europe and Asia and covers 17 additional markets on 4 continents through a network of distribution partners.YOUR MISSIONS:As a valued member of our Cyber Security Engineers Team, you will be responsible for integrating security practices into CI/CD pipelines and ensuring code security at every stage of development. You will collaborate with DevOps and development teams to strengthen the security posture of Lyreco digital landscape.In this role, you will:Secure the development cycle (SDLC): Integrate SAST/DAST tools and automate security within CI/CD pipelines.Code review: Analyze source code to identify and fix vulnerabilities.Implement security controls: Ensure relevant security controls (like authentication, access control, data encryption, etc.) are implemented in Lyreco applications.Compliance and security assessment: Ensure applications security compliance with industry standards (ISO 2700X, OWASP, etc.) best practices and Lyreco internal guidelines, participate in security assessment, penetration tests, and support resolving issues after risk assessment.Vulnerability management: Assess, fix, and monitor application security risks.Configure security tools: Select, implement, manage and continuously develop security solutions such as WAF, SIEM, etc.Continuous monitoring and alerting applications thread landscape, and propose relevant countermeasures.YOUR PROFILE:3+ years of hands-on experience in the field of cyber security.Strong technical background in CI/CD and application security tools.Proficiency in securing coding practices (OWASP, CWE/SANS) and web frameworks (JS, SOAP, JSON, etc.), code review (Sonarqube, Checkmarx, Fortify), secrets management (Hashicorp Vault, Azure Key Vault), and certificate management.Experience with cloud security such as Azure, GCP, AWS.Experience with Docker, Kubernetes, and container scanning tools (Trivy, Clair).Understanding of application related vulnerabilities (XSS, CSRF, LFI, etc.) and remediation methods, familiarity with CVSS.Familiarity with web application programming or a deep understanding of web application security challenges.Knowledge of scripting (Python, Bash) and infrastructure-as-code (Terraform, Ansible).Proactive, self-motivated work ethic with demonstrated ability to manage multiple projects and adapt to shifting priorities.Ability to work closely with DevOps and development teams and communicate effectively.A certification in Security is a plus.REASONS TO JOIN LYRECO:A full-time job in a dynamic, passionate, international team.If the above job description interests you and you think you are a good fit, apply now! We look forward to receiving your application. #J-18808-Ljbffr