Application Security Engineer

Aircall is a place where voices are valued.
 
Backed by over $220 million of investment since 2015, we create technology that fuels accessible, transparent and collaborative communication to empower our base of 12,000+ customers (and growing) to make authentic, human connections.
 
Conversation is a cornerstone of our culture. Wherever our people find themselves in the Aircall world – Paris, New York, Sydney, Madrid, London, Berlin, Tel Aviv, or at home – everyone has a voice that is valued.
 
Whatever your background, wherever you’re from – we want you to join the conversation. Let’s talk.
 
 
As an Application Security Engineer, you will be responsible for fostering and maintaining a good security posture on our infrastructure, application and processes to help other teams deliver customer value on top of Voice.
 
Security testing best practices, evangelization, and mentoring in your team and across the whole of Engineering will be part of your day to day job.
 
Quality, excellence, and agility drive our delivery processes and you will help us level these up. Using modern tools (Rails, TS, Terraform, ...) on AWS, we build added value and resilient services on top of voice and fully integrate with our customers’ business critical tools (CRM, Helpdesk, E-Commerce, …).

Your mission @Aircall:

      • Driving improvements to Aircall’s security posture through strategic planning and collaboration with both development and infrastructure teams, with trust, autonomy and influence
      • Ensuring the security testing across Engineering to ensure best practices are applied and a security first mindset, continues to be ever present within the organisation
      • Having key security related responsibilities within automated test design, architecture, and end-to-end delivery of key modules
      • Contributing code to our applications and services to address vulnerabilities and evolving our codebases toward secure coding practices
      • Collaborating with Product and Engineering to balance security risk with product advancement
      • Communicating risks to engineering staff and assisting leadership through consulting, training and technical demonstration of vulnerabilities and secure design patterns
      • Sharing knowledge by giving brown bags, tech talks, and evangelizing appropriate tech and engineering best practices
      • Contributing security-focused feedback to engineers during all phases of the development lifecycle
      • Ensuring security bug tracking, bug bounty operation and scanner results triage
      • Being involved in new features development to ensure security breaches are not introduced
      • Being part of an engineering organization delivering high quality, secure, voice solutions to Aircall clients.
      • Contributing to investigations of any actual or potential information security risks or breaches, and develop mitigating plans and coordinate the incident response
      • Staying up to date on current and future security technology and trends and act as a key advisor to align business and security
 
 

A little bit more about you

    • You have at least 2+ years of experience in Security
    • You have a comprehensive understanding of risk management
    • You have a good understanding of attack patterns to design and develop proper security testing. Being business centric minded is a necessity to pinpoint potential security breaches
    • You understand the secure development process and other best practices and are accustomed to using systems such as Jira, Confluence, BitBucket, GitHub, GitPrime, etc.
    • You have experience in identifying, debugging and solving complex security related production issues
    • You are used to working in Agile teams and look for and implement continuous improvement, but you also appreciate good process and quality assurance in mitigating risk and improving quality and security
    • Experience working with external security testing companies to deliver specific requirements, e.g. penetration testing and certifications
    • You’re familiar with modern web security, and have experience with JS, TS and/or Ruby on Rails
    • A practical understanding of data privacy / GDPR
Aircall is constantly moving forward. We’re building new roads to complete our journey, and we’re taking people with us who have the same builder mentality.
 
Let’s grow together: Aircall is a place for those who dare to be bold and seek responsibility, excellence, and the opportunity to push themselves to new heights.
 
We’re creating a place where great people trust one another and thrive together.
 
People flourish at Aircall and now is the time to be part of the team and the journey we’re on.
 
Why join us?
 
🚀 Key moment to join Aircall in terms of growth and opportunities
💆‍♀️ Our people matter, work-life balance is important at Aircall
📚 Fast-learning environment, entrepreneurial and strong team spirit
🌍 45+ Nationalities: cosmopolite & multi-cultural mindset
💶 Competitive salary package & benefits
 
DE&I Statement: 
At Aircall, we believe diversity, equity and inclusion – irrespective of origins, identity, background and orientations – are core to our journey. 
 
We pride ourselves on promoting active inclusion within our business to foster a strong sense of belonging for all. We’re working to create a place filled with diverse people who can enrich and learn from one another. We’re committed to ensuring that everyone not only has a seat at the table but is valued and respected at it by providing equal opportunities to develop and thrive.  
 
We will constantly challenge ourselves to make sure that we live up to our ambitions around diversity, equity and inclusion, and keep this conversation open. Above all else, we understand and acknowledge that we have work to do and much to learn.