Senior/Lead Security Engineer - GRC
BUREAU OF TECHNOLOGY – DEVOPS /
LONG TERM CONTRACT (CDI)
Founded in 2014, BackMarket is the first online marketplace dedicated exclusively to refurbished electronic devices. With 158M€ raised already, we are sabotaging ‘new’ by connecting highly selected certified professionals to consumers who are looking for a more affordable, reliable and ecological alternative to purchasing brand new products.
Leading the way in a shift towards a circular economy, freeing the planet from electronic waste, and building a global leading tech company are three solid reasons to wake up very morning. Taking part in BackMarket’s adventure means committing to an ambitious project with a strong social and environmental impact!
We are committed to providing an inclusive, fulfilling and caring work environment in all our offices (Paris, Bordeaux, New-York, Prague and Berlin). This is an opportunity for you to join a talented, humble and passionate team at the heart of innovation : our Bureau Of Technology.
As a Senior/Lead Security Engineer - GRC (Governance, Risks, and Compliance) preserving Back Market's information assets is your main concern.
You will contribute to the ongoing improvement of the company's security posture, while keeping an eye on threat detection indicators. As a leader and educator of best practices you are able to give advices to technical teams but also to work on risk analyses, definition and maintenance of security policies, procedures and action plans, process audits, reviews and monitoring of compliance progress.
We have huge ambitions and we aim for excellence. So we are counting on you to support and advise our teams on the technical security aspect of these challenges.
Required profile :
- You are a talented engineer with at least 3 years of experience in web application security in dynamic cloud environments.
- You are committed by the importance of a risk-based approach to define and maintain the security objectives, policies, procedures and action plans necessary for the successful completion of your mission.
- You are concerned about explaining the reasons for the company's security choices, to ensure that colleagues understand and adopt them, and defining a security requirement without any analysis or foundation is nonsense to you.
- Best practices and standards such as the ISO/IEC 27000 series, including 27005 or EBIOS, 27017, 27018, 27035, OWASP SAMM, OWASP ASVS or CSVS, or CIS benchmarks are among your favorite references.
- You are curious, structured and enjoy exploring new methods and technologies. You are transparent in your communication and are able to find solutions with your team when you don't have an answer.
- You like to share knowledge. The most important for you is to make your colleagues aware of good safety practices, by supporting your proposals with concrete examples and technical demonstrations.
- Your skills are recognized by a standard certification (ISC)² CISSP, CCSP or CSSLP, ISO 27001 Lead Implementer or Auditor, EBIOS Risk Manager, WITHOUT GCCC - or you are ready to obtain it in the near future.
- In-depth knowledge of PCI-DSS and RGPD would be appreciated.
- You want to join a challenging technical environment: AWS, GCP, Kubernetes, Terraform, Terragrunt, Datadog, Spinnaker, Cloudflare, Docker, Aurora, etc., where you can learn, develop and grow your career.
- Great verbal and written communication skills, in English
Recruitment process :
* Call with Yann one of our tech talent acquisition specialist
* Technical interview with members of the tech team
* Team Fit Interview with your Manager and one of your potential futur coworker
* Interview with Quentin our CTO and Co-founder
* Interview with Thibaud our CEO and Co-founder
WHY SHOULD YOU JOIN US ?
• A meaningful job : through hard work, you will help avoid thousands of tons of electronic waste and fight against planned obsolescence. It counts!
• An attractive salary, equity, multiple benefits (meal tickets, health insurance, etc...), parental benefits, remote friendly, relocation package, internal events, etc…
• Technical challenges all day every day : you will have the freedom to innovate and adapt new ideas!
• Work with passionate experts who will share their knowledge and help you develop and grow! (Backademy, technical guilds, Meet-up & Conference)
• Grow your career with a flexible career path, BackMarket can help you evolve!
• A booming scale-up: our environment is rapidly growing in Europe, the USA and soon in Asia!
• A lot of fun : you will have the opportunity to work in a fast paced, open minded and friendly environment.
Backmarket is an Equal Opportunity Employer for any minority, disability, gender identity or sexual orientation.