Senior Application Security Engineer
4 days ago
Barcelona
ph3About PayFit /h3 pDo you want to help shape what the future of work will look like and how it will best embrace our life's aspirations? If this sounds like a journey you want to embark on, we may have the right role for you! PayFit is an intuitive software-as-a-service payroll and HRIS solution designed specifically for SMBs. Since 2015, we have set ourselves a mission to simplify payroll for SMBs and enable employers and employees to grow together. We are a European company operating from three main countries (France, Spain, and the UK) where we support over 20,000 clients. /p h3Location /h3 pYou can work at this role from any location in France or Spain, with occasional visits to the Paris office. /p h3Position Overview /h3 pWe're looking for a Senior Application Security Engineer to join our Application Security team, part of the Engineering Platform tribe. You'll be the AppSec engineer closest to our product engineering teams, not the gatekeeper at the end of the pipeline, but the partner who helps developers ship secure software by default. You'll drive a meaningful shift-left across the SDLC, mentor the rest of the security team, and bring an offensive mindset to how we test our own applications, including how we leverage AI to pentest them. /p pThis is a senior individual contributor role with strong influence. You'll work alongside another Security Engineer and our Compliance Analysts, and partner daily with infrastructure, platform, and product engineering teams to keep PayFit secure as we scale across Europe. /p h3Your Mission /h3 h3Shift Security Left Across the SDLC /h3 pEmbed security into how PayFit builds software. Partner with product teams from design to deployment; threat model new features, review architecture decisions, perform code reviews, and help developers internalize secure-by-default patterns. Make security a multiplier, not a bottleneck. /p h3Drive Offensive Testing of Our Applications, Including with AI /h3 pRun internal application pentests with an attacker mindset and explore how AI can be used to scale and deepen our offensive testing, from automated reconnaissance to AI-assisted vulnerability discovery on our own codebase and APIs. Turn findings into concrete remediation plans and reusable detection patterns. /p h3Secure the SDLC in the Age of AI /h3 pHelp define how PayFit builds software securely when AI is part of the toolchain, from AI-assisted code generation in developer workflows to agentic systems we operate internally. Contribute to guardrails, review patterns, and threat models for AI-augmented development and AI features in our product. /p h3Build and Operate AppSec Tooling /h3 pDeploy and maintain security tooling across our CI/CD pipelines: SAST, SCA, container and image scanning, secrets detection, and supply chain controls. Build automation in TypeScript to scale security across our AWS and Kubernetes/EKS estate, integrating with our existing toolchain (GitHub, CircleCI, Spacelift, Wiz, Datadog, Jira). /p h3Grow the Team and the Security Culture /h3 pMentor the other members of the Security Compliance team and raise the security bar across engineering. Lead awareness sessions, write standards, run training, and animate the security community at PayFit. Make others better. That's a core part of the job. /p h3Handle Vulnerabilities and Incidents /h3 pTriage HackerOne reports, follow up on findings with engineering teams, and contribute to incident response: investigation, coordination, and post-mortem. Identify systemic issues behind individual findings and drive durable fixes. /p h3What we are looking for /h3 ul li5+ years of experience in security, with a strong Application Security focus and a background in software engineering or DevOps /li liSolid cloud security knowledge, with a strong advantage for AWS (IAM, Secrets Manager, Organizations, Identity Center), and with the ability to design and review secure cloud-native architectures /li liHands‑on experience reviewing the security of applications across architecture, code, and infrastructure, with a risk-driven approach /li liComfortable with application security fundamentals: authentication and authorization, encryption, integrity, logging, supply chain /li liOffensive mindset: experience running application pentests, exploiting vulnerabilities, and translating findings into actionable remediation /li liCoding skills in TypeScript (for code review and building security tooling) /li liExperience working in modern SaaS ecosystems: IaC, GitOps, DevSecOps, CI/CD (Terraform, GitHub, CircleCI, Helm, or equivalents) /li liStrong communication skills: you can talk to developers as a peer, explain risk to non-security audiences, and influence without authority /li liA genuine taste for mentoring and growing others /li liProfessional English: written and spoken /li /ul h3Nice to Have /h3 ul liExperience in pentesting or securing AI/LLM-powered applications, or using AI tooling for offensive security /li liWorking knowledge of Kubernetes security in production environments /li liExperience with bug bounty programs (HackerOne or equivalent) /li liFamiliarity with security observability and detection tooling (SIEM, Datadog, Wiz, or similar) /li liExposure to compliance frameworks (ISO 27001, SOC 2, DORA); useful given our team setup /li /ul h3Our Stack /h3 ul liTechnical stack: TypeScript, AWS, Kubernetes, Helm, Terraform /li liCode delivery: GitHub, CircleCI, ArgoCD, Spacelift /li liSecurity observability: Wiz, Datadog, HackerOne, Burp Suite /li liProject management and knowledge: Jira, Notion /li liCommunication: Slack, Gather, Meet /li /ul h3Why Join PayFit /h3 ul liReal impact: You'll directly shape how 20,000+ businesses across Europe trust us with their payroll and HR data /li liSenior IC role with reach: You influence engineering at large, not just the security team /li liPragmatic security: We care about real risk reduction, not theater /li liAI-forward security: A real mandate to explore AI in offensive security, not a buzzword /li liModern stack and modern practices: Cloud-native, GitOps, DevSecOps, and the autonomy to shape them /li liAI-First Developer Experience: We fully support and fund the use of AI agents (Claude Code, Codex, OpenCode, etc.) to automate routine tasks, accelerate refactoring, and minimize "toil," allowing you to stay in a state of deep flow. /li /ul h3What We Offer /h3 ul liFlexibility: Work away from our main offices, within France or abroad for a defined period. Further requirements may apply depending on the role and your overall experience. /li liLearning Development: Comprehensive learning platform, English language courses to improve business communication. /li liCareer Development: Opportunities for internal moves and choosing your growth direction. /li liHealth insurance: Henner Mutuelle Insurance (60% covered by PayFit, free coverage for children). /li liTransportation: 50% of public transportation costs covered for those living within the Ile de France region, or assistance with sustainable mobility. /li liMeals: Restaurant card with Swile (9€ per workday) covered at 60% by PayFit. /li liA Work Council grant: Monthly allowance to be spent on culture, sports, personal services, etc., and a vacation bonus. /li liHome office budget: Contribution in € per year to help you get set up in the best conditions. A MacBook is the standard working tool. /li liParental support program: Salary maintenance during the first month of additional parental leave. /li liTime off: 25 days of holidays + RTT days (depending on contract). /li /ul h3Disability Inclusion /h3 pAll of our positions are open to any person living with a disability. To guarantee equal treatment and opportunities, we will take, based on individual needs, appropriate measures to adapt the work conditions of PayFiters with disabilities, and if needed also during the recruitment process. Please let us know what you need and we will do our best to accommodate! /p /p #J-18808-Ljbffr