Senior DevSecOps Engineer (Offensive Security Focus)

Neotrust

Nice

Hybrid

EUR 70 000 - 90 000

Full-time

Yesterday

Job summary

A cybersecurity firm is seeking a Senior DevSecOps Engineer with an emphasis on Offensive Security. This hybrid role involves conducting penetration tests, integrating security into CI/CD pipelines, and mentoring development teams. Required qualifications include strong skills in application security and familiarity with Azure Cloud and DevSecOps practices. Join us to elevate application security and make a significant impact within a modern, cloud-native environment.

Benefits

Opportunity for professional development
High-impact projects
Focus on automation and AI

Qualifications

  • Strong track record in application penetration testing involving OWASP Top 10.
  • Deep knowledge of authN/authZ mechanisms.
  • Competent in secure code review processes.

Responsibilities

  • Perform targeted penetration tests on various applications.
  • Improve security automation in CI/CD pipelines.
  • Support Security Champions and coach development teams.

Skills

Application penetration testing
Secure coding (C#, Java, JS/TS, Python)
Azure Cloud
DevSecOps architecture
Analytical thinking

Tools

Azure DevOps pipelines
Burp Suite
Snyk
Threat modeling methods

Job description

Job Description — Senior DevSecOps Engineer (Offensive Security Focus)

Location: Hybrid (Paris) or Remote (France / Europe)

Department: Cybersecurity / DevSecOps

Seniority: Senior / Expert

Duration: 1 year (renewable)

Contract: Full-time (Freelance)

About the role

We’re looking for a Senior DevSecOps Engineer with a strong Offensive Security mindset to elevate our application security across the full SDLC. You’ll combine hands‑on penetration testing skills with modern DevSecOps practices to find real‑world risks, automate security controls, and help engineering teams ship secure software faster.

You’ll work closely with developers, cloud / platform teams, and architects to integrate security into CI / CD, strengthen cloud‑native workloads, and build a strong secure engineering culture.

What you’ll do

Offensive Security / Application Security

  • Perform targeted penetration tests on web, API, mobile, and cloud‑native applications.
  • Conduct threat modeling and adversarial analysis on critical services.
  • Identify, exploit, and validate vulnerabilities to assess real impact and exploitability.
  • Perform secure code reviews (manual and tooling / AI‑assisted).

DevSecOps Integration

  • Improve SAST, SCA, DAST, IaC, and container scanning in Azure DevOps pipelines (Snyk experience is a major plus).
  • Automate security gates and enforce quality thresholds in CI / CD.
  • Build custom security checks, scripts, and DevSecOps automations.
  • Improve developer workflows by providing secure coding guidance and actionable fixes.

Secure SDLC & Continuous Hardening

  • Run security reviews for new applications and major releases.
  • Support Security Champions and coach development teams.
  • Participate in incident response and post‑mortems for security issues.
  • Collaborate with Cloud Security on posture management and remediation.

Security Automation & AI

  • Develop or tune AI agents to support vulnerability analysis and remediation.
  • Automate correlation of findings across tools (SAST / SCA / Cloud).
  • Contribute to internal security dashboards and metrics (Power BI, API integrations).

What we’re looking for

Required experience

  • Strong track record in application penetration testing (OWASP Top 10, API attacks, auth bypass, RCE, business logic flaws).
  • Strong understanding of secure coding (C#, Java, JS / TS, Python, etc.).
  • Familiarity with DAST tools plus manual exploitation techniques.
  • Deep knowledge of authN / authZ (OAuth2, OIDC, JWT).
  • Strong grasp of DevSecOps architecture and SDLC best practices.

Hands‑on experience with:

  • Azure DevOps pipelines
  • Azure Cloud (App Services, Functions, IAM, Storage, Key Vault)
  • Container security (Docker, Kubernetes basics)
  • Snyk (SAST / SCA / IaC / Cloud) (highly valued)

Tooling & frameworks

  • Burp Suite, ZAP, Nmap, Postman, Metasploit, custom scripts.
  • Threat modeling methods (MITRE ATT&CK, STRIDE).
  • Source code review with or without tooling.

Soft skills

  • Ability to challenge designs and architectures from an attacker’s POV.
  • Clear communication with technical and non‑technical stakeholders.
  • Strong ownership, mentoring mindset, and leadership on security topics.
  • Analytical thinking, problem‑solving, pragmatism.

Nice to have

  • Certifications (preferred, not required): OSWE / OSCP / OSEP / GWAPT, AZ-500 / AZ-400 or similar.
  • Experience in large enterprise environments.
  • Experience with AI‑assisted AppSec tooling and workflows.

Why join us

  • High‑impact role with real ownership over AppSec and DevSecOps practices.
  • Modern cloud‑native stack (Azure) and a strong focus on automation.
  • Opportunity to blend offensive security with engineering enablement and AI‑powered security.