Senior Security Engineer
Full Time, 70000 - 85000 EUR per year
Job Overview
The opportunity
In the context of rapid growth and a strong focus on AI adoption, Pigment’s security team is well established and expanding in the area overseeing its engineering operations, with a broad project portfolio to bring to fruition.
This position will contribute to the execution of this very exciting roadmap with a strong focus on application and infrastructure security, and will allow the candidate to acquire or improve a wide range of skills from governance to technical expertise, reporting to the CISO. Our operations are notably integrated into a rigorous SOC 2 and ISO 27001 certification framework.
This role encompasses a broad range of security domains. While immediate expertise in all areas is not required, proficiency across these fields will be beneficial.
Key responsibilities include:
- Security Strategy & Roadmap: Define a risk-driven security roadmap for Pigment's product and infrastructure. This includes designing new security features within the product and continuously enhancing defense-in-depth controls. Prioritise the roadmap items, and exercise influence on the product and engineering teams to obtain their buy-in for delivery.
- Technical Security Advisory & Risk Assessment: Serve as a security advisor for developers, product managers, and other key stakeholders. Proactively identify and assess project-related risks and conduct thorough security reviews of code, architecture, and configurations. Deliver actionable solutions that strike an acceptable balance between risk and business benefit, escalating any high-stakes occurrences that require senior management intervention or arbitration.
- Security Assurance & Testing: Participate in security assurance activities, such as coordinating third-party audits, conducting internal code, architecture and configuration reviews, managing red team exercises, and overseeing the bug bounty program. Facilitate the compliance efforts by measuring and managing control KPIs.
- Vulnerability Management: Drive the end-to-end vulnerability remediation process, covering detection, reproduction, scoring, triage, prioritization, design or validation of mitigation strategies, verification of remediation, and management/improvement of vulnerability KPIs.
- Monitoring & Incident Detection: Continuously improve our security monitoring and incident detection capabilities, working with infrastructure and development teams to identify and collect relevant datapoints, identify security events having a high signal/noise ratio and implement alerts and response playbooks for them.
- Incident Response & Automation: Contribute to security investigations related to incident response and fraud. Develop automated routines to enhance efficiency in these areas.
- Security Evangelism: Participate in developing and delivering employee security awareness training. Act as a security evangelist, particularly for key internal groups such as product teams, developers and SREs.
Example projects that would fall under the remit of the candidate:
- Drive the secure design and development of Pigment’s AI-powered features (including MCP Server and Modeler Agent) by performing threat modeling, conducting design reviews, partnering closely with engineers, and performing security assessments.
- Continuous improvement of the implementation of least privilege across the production environment and CI/CD.
- Improve the efficiency of Security processes, leveraging automation and AI systems (e.g. SIEM).
Environment
The scope of this role is centered around the production environment (although some projects could be related to internal IT security)
- Sites in Paris, London and NYC
- macOS, Windows, Linux
- GCP, Kubernetes, Terraform, Postgres, SingleStore, Vault
- Okta, OAuth, JWT, C#, .NET Core, TypeScript, React, Python, Go
- Datadog (SIEM), Cloudflare ZTNA, Falco, Wiz, Riot
- Google Workspace, JumpCloud, Vanta, HiBob, Slack, GitHub, HackerOne
- Compliance: SOC1, SOC2, ISO27001
Who you are
- You have at least 5 years of experience in security topics, either as a Security Engineer or a Security Consultant (of course, you can be more experienced too).
- You are hands-on (the position does not include people management).
- You have strong technical expertise in security and a broad background in tech (development, databases, networking, web, etc.).
- You have great team spirit with a problem-solving, can-do attitude.
- You have a good dose of humility and the willingness to grow and help your team grow (no matter your seniority).
- You speak English fluently.
What we offer
- Competitive package
- Stock options to ensure you have a stake in Pigment's growth
- The best health insurance with Alan Blue, entirely free for you and your family
- Weekly Lunch and Lunch vouchers (Swile card) to cover your lunch breaks with total flexibility
- Subscription to Egym Wellpass (ex-Gymlib) for full access to gyms, studios, and wellness spaces across France
- A Learning Stipend per year, for you to develop into areas that amplify impact for your careers or personal development
- Remote work stipend to have the best work station possible at home
- Along with one company offsite every year, we have brand new offices at the heart of major cities including New York, San Francisco, Toronto, Paris, and London
- High-end equipment (based on stock/availability) to do your work in the best conditions