Senior Security Engineer (x/f/m)

We are looking for an Application Security Engineer to join the Security team in Paris. As an Application Security Engineer, your mission will be to safeguard the security and privacy of millions of practitioners and patients while helping deliver an exceptional user experience across Europe’s leading healthcare products. You will build and scale healthcare‑compliant security across our platforms, designing, implementing, and continuously improving defenses that protect sensitive health data at scale.

Your responsibilities include but are not limited to:

• Drive security by design across product lifecycles, balancing business goals, risk, and regulation
• Threat model and assess new and existing features; define pragmatic, long‑term security requirements
• Act as a security point‑of‑contact: advise, train, alert on risks, and uplift the organization’s security culture
• Partner with GRC and Product to enrich company‑wide risk analysis and policies
• Own continuous application security: uphold vulnerability SLAs, run Blue Team playbooks, and operate our Bug Bounty program

• You have strong Java/Kotlin (Spring Boot) and solid engineering fundamentals
• You have proven threat modeling and vulnerability identification experience
• You have a deep grasp of OWASP Top 10 and modern application security controls
• You have the ability to reason about complex systems and propose scalable, innovative defenses
• You are fluent in English and French

• Have experience in cross‑organizational, agile project leadership
• Are an empathetic listener, adaptable across cultures and contexts
• Champion security as a business enabler

• Free comprehensive health insurance for you and your children
• Parent Care Program: receive one additional month of leave on top of the legal parental leave
• Free mental health and coaching services through our partner Moka.care
• For caregivers and workers with disabilities, a package including an adaptation of the remote policy, extra days off for medical reasons, and psychological support
• Work from EU countries and the UK for up to 10 days per year, thanks to our flexibility days policy
• Up to 14 days of RTT
• A subsidy from the work council to refund part of the membership to a sport club or a creative class
• Lunch voucher with Swile card

• Recruiter call (30 min)
• Technical interview with the Application Security team (1 hour)
• Study case with restitution (1h30)
• Interview with the CISO (45 min)
• At least one reference check

• Permanent position
• Full time
• Location: Paris area
• Start date: As soon as possible

At Doctolib, we are committed to improving access to healthcare for everyone. This translates into our recruitment process. We evaluate candidates based solely on qualifications and motivation, without any form of discrimination. The more diverse ideas are heard, the more our product will truly improve healthcare for all. You are welcome to apply to Doctolib, regardless of your gender, religion, age, sexual orientation, ethnicity, disability. To ensure equal opportunities, we invite you to exclude personal information (e.g. pictures, age) from your applications. If you require any accommodation, please let us know for support during the hiring process. Join us in building the healthcare we all dream of!

All information provided is processed by Doctolib for application management. For data processing details, click here. Please contact hr.dataprivacy(at)doctolib.com for inquiries or to exercise your rights.