Senior Application Security Engineer

Company: Pennylane
Apply for the Senior Application Security Engineer
Location: London
Job Description:

Our Vision

We aim to become the most beloved financial operating system of French SMEs and accounting firms (and soon, European ones). We help entrepreneurs rid themselves of time‑consuming tasks related to accounting and finance while providing them with access to key financial information to assist in making the best decisions for their business.

About Us

Pennylane is one of the fastest growing fintechs in France. In five years of existence, we have raised a total of €359 million and have grown to a team of more than 1,000 employees. We build an international environment with more than 25 nationalities and a strong remote‑friendly culture. We are recognized as one of the greatest places to work in France.

Team and Environment

As we keep on growing, we are seeking an Application Security Engineer to join Louis’s team of 5. You will handle all technical security matters, support ISO 27001 compliance, and advise employees—especially developers—on security best practices. The technical security team manages security issues from detection to resolution, collaborating with developers and Security Champions when needed.

Security by Design

  • Engage with the Product Team to integrate security in our features from the beginning, from design to delivery.
  • Ensure the security of the main Web application written in Ruby on Rails and ReactJS: its dependencies, code, infrastructure, and configuration.
  • Conduct code reviews from a secure development point of view (about 80 releases per day).
  • Detect vulnerabilities and propose associated patches.
  • Raise the security level of our CI/CD configuration.
  • With the DevOps team, secure our AWS infrastructure, including its Kubernetes environment (AWS EKS).

Vulnerability Management

  • Conduct and perform regular security assessments (internally or through external consulting companies) on the applications (code reviews, pentests, bug bounty in particular) and the infrastructure.
  • Strengthen the current means of detecting malicious attempts.
  • Be involved in all security incidents, investigate logs, block attacks, and propose corrective measures to prevent future threats.

Compliance & Awareness

  • Ensure compliance with ISO 27001 controls (processes) related to development (mandatory code practices, validation, patch management, vulnerability management, etc.) by training developers, monitoring projects, conducting regular internal audits, and managing technical non‑conformities.
  • Build or improve secure development training materials and conduct regular training sessions with developers, engaging them in the Security Champions program.
  • Improve the security awareness throughout the company.
  • Contribute to tenders to explain our security policies and provide the necessary technical details.

Qualifications

  • Ability to perform offensive security assessments on infrastructure and applications.
  • Know how to exploit and fix a wide range of web vulnerabilities and be able to explain them to non‑technical persons (not just the OWASP Top 10).
  • Experience in a programming language (Ruby, Python, JavaScript) for scripting or larger projects.
  • Experience in cloud infrastructure security.
  • Ability to popularize technical terms to facilitate the adoption of security measures within projects or to broadcast messages to peers.
  • Fluent in French and/or English (both oral and written).

Soft Skills

  • Humble.
  • Team player; able to work with remote colleagues.
  • Proactive and organized.
  • Quick learner who enjoys working on different projects (application security, cloud infrastructure, training, ISO 27001).

Benefits

  • 25 vacation days paid by Pennylane.
  • Competitive compensation package.
  • Company shares.
  • Budget for a dedicated workspace and allowance to work from coworking spaces.
  • Access to fitness spaces through partner Gymlib.
  • Latest Apple equipment.
  • Remote work allowed from any European country within two hours of CET, or based in France with a French contract following French regulation, including 6 to 12 RTT, 5 weeks PTO, lunch credits, health cover, and regular events in major cities.

Who Are We Looking For

  • Speaks English (level assessed and appreciated).
  • Thrives in a rapidly changing work environment.
  • Highly collaborative within own team or other stakeholders.
  • Experienced enough to prioritize business‑led actions on a day‑to‑day basis.

Equal Employment Opportunity

We are committed to providing an equal employment opportunity regardless of gender, sexual orientation, origin, disabilities, or any other traits that make you who you are. If anything, diversity makes us a more fun place to work at.

Data Privacy – French

Pennylane processes your data to manage your application and assess your suitability for the position. If your application is unsuccessful, your data may be retained for 2 years from our last exchange or the closing of the recruitment process, to build and manage a candidate pool. You may object at any time and request the deletion of your data by writing to dpo@pennylane.com.

Data Privacy – English

Pennylane processes your data to manage your application and assess your suitability for the position. If your application is unsuccessful, your data may be retained for 2 years from our last exchange or the closing of the recruitment process, to build and manage a candidate pool. You may object at any time and request the deletion of your data by writing to dpo@pennylane.com.

Data Privacy – German

Pennylane verarbeitet Ihre Daten, um Ihre Bewerbung zu bearbeiten und Ihre Eignung für die Stelle zu beurteilen. Sollte Ihre Bewerbung nicht erfolgreich sein, können Ihre Daten bis zu 2 Jahre ab unserem letzten Austausch oder dem Abschluss des Rekrutierungsverfahrens gespeichert werden, um einen Kandidatenpool aufzubauen und zu verwalten. Sie können jederzeit Widerspruch einlegen und die Löschung Ihrer Daten beantragen, indem Sie an dpo@pennylane.com schreiben.

#J-18808-Ljbffr…

Posted: July 6th, 2026