Senior Security Engineer - Paris

Key Responsibilities:

• Embed security early in the software development lifecycle by collaborating closely with engineering teams to integrate secure coding practices, automated security testing, and threat modeling.
• Develop and implement security guardrails, ensuring developers and infrastructure teams can self-serve secure frameworks and best practices.
• In charge of security reviews for new features, services, and infrastructure changes, proactively identifying and mitigating risks before deployment.
• Design and implement AI-driven security solutions, leveraging machine learning for anomaly detection, threat intelligence, and automated response.
• Develop automation to streamline vulnerability management, compliance reporting, and security operations.
• Build and maintain security-as-code templates, playbooks, and CI/CD-integrated security controls, enabling developers to securely deploy software without friction.
• Provide internal tooling and training that empowers teams to manage security risks without needing constant security team intervention.
• Advocate for a DevSecOps culture by mentoring teams and driving security awareness across the engineering organization.
• Harden Aircall’s SaaS infrastructure by designing scalable, cloud-native security solutions (AWS, Kubernetes, Terraform, etc.).
• Strengthen API security and application security by enforcing best practices for authentication, authorization, and secure data handling.
• Monitor and improve security observability, ensuring visibility across all environments through logs, alerts, and automated threat detection.
• Own and improve incident detection and response capabilities, ensuring rapid containment and resolution of security threats.

Qualifications:

• You have at least 5+ years of experience in Security involving Public Clouds ( preferably AWS)
• Strong development background with experience in secure coding practices
• Experience with automation & AI-driven security – ML-based threat detection, and security automation tools
• Hands-on expertise in DevSecOps – integrating security tools into DevOps workflows (SAST, DAST, IaC scanning, runtime protection).
• Shift-left & enablement-focused: Passion for making security a frictionless part of engineering workflows rather than a blocker.
• Self-service mindset: Believes in building security guardrails and automation so developers can self-serve security solutions.
• Problem-solver & automation-first thinker: Constantly looks for ways to remove manual work through scripting, AI, or process improvements.
• Strong collaboration & communication skills: Able to partner with developers, SREs, and product teams to drive security adoption.
• Security evangelist: Proactively educates teams on security risks and best practices through training, workshops, and internal documentation.