Head of Product & Application Security (x/f/m)
54 Quai Charles Pasqua, 92110 Levallois-Perret
Are you ready to protect the security and privacy of our international community of practitioners and patients while ensuring the best user experience of the top European healthcare products?
If so, we are looking for a skilled, passionate product & application security leader who will build and maintain the new state-of-the-art application security standard for the decade in healthcare.
What you will do
- Lead and manage the product & application security team that enables Doctolib business and products to build new applications secured by design and continuously monitored.
- Define and report the long-term strategy with the CISO for the security of the products at Doctolib (budget, roadmap, resources and organisation).
- Define our level of ambition for the security of our applications to reach acceptable residual risks on confidentiality, integrity, availability and compliance of personal and health data.
- Build security partnership services within the company to drive high leverage security initiatives in the engineering ecosystem.
- Drive appsec engineering to build tools and training that reduce risks via application insight and self-service at scale.
- Improve operational appsec, vulnerability fix SLA, PSIRT (SOC 24/7), Bug Bounty to ensure continuous security of all our applications.
- Deliver strategic, impactful results by coordinating and supervising cross-company security projects with key stakeholders from other teams.
- Inspire and foster security culture and golden rules within the company. Help define Doctolib's influence in the international security community by publishing articles and participating in conferences.
We are looking for someone with
- Minimum 5 years of experience within the security domain
- Minimum 5 years of experience working as a team leader or manager of a team of autonomous skilled junior and senior engineers
- Experience working in a large cloud SaaS software company
- You have experience on the attack side: identifying threat scenarios and vulnerabilities using external penetration testing, bug bounties or internal red teaming.
- You have experience on the defense side: implementing protection mechanisms such as authentication, access control and encryption to achieve effective security.
- You have a strong understanding of threat modeling and risk analysis within any aspect of the business (applications, engineering, operations, IT, etc.)
- You have a good understanding of modern web applications security and technologies
- You have a strong understanding of the product and engineering ecosystem, including different jobs, roles, competencies.
- You speak English and French fluently
- You are autonomous and pragmatic, and have good structuring skills
- You think strategically, and can articulate what you are, and are not, trying to do
- You are experienced in cross-company project management with agile methods
- You are concise and articulate in speech and writing
- You listen well and seek to understand before reacting
- You maintain calm poise in stressful situations to draw out the clearest thinking
- You adapt your communication style to work well with people from around the world who may not share your native language or culture.
The interview process
- Recruiter Call (30 min)
- Technical interview with the App Sec team (1 hour)
- Case study with presentation (1h30)
- Interview with the CISO (45 min)
- Contract: full-time position
- Start: as soon as possible
- Location: based at our headquarters in Levallois (relocation package if needed)
- Package: attractive salary depending on profile
Founded in 2013, Doctolib is the fastest-growing e-health service in Europe.
We provide healthcare professionals with services to improve the efficiency of their organization, transform their patients' experience, and strengthen cooperation with other practitioners. We help patients to access care easily, with online appointment scheduling, teleconsultations and receiving their prescriptions online.
Doctolib is also a group of passionate entrepreneurs who are transforming the healthcare industry and share the SCALES values.
At Doctolib, we don’t just accept diversity, we respect and celebrate it! We’re proudly committed to equal employment opportunities regardless of your gender, religion, age, sexual orientation, ethnicity, disability or place of origin. We take care of each other and are grateful for each Doctoliber’s contribution to our mission!