Lead Application Security Engineer


Lenstra was created by the passion of engineers specialised in Computer Science with a proven history of delivering top-quality solutions to its customers. Bringing together work excellence and vision, we have managed to serve top-tier clients from a variety of industry domains such as Banking/Insurance, Luxury and Tech.

We help our clients solve their most difficult problems around Cloud Computing & DevOps, Data Platform and IT Security by taking a holistic approach to their environment and building often complex but always relevant solutions to help them accelerate their business.

Our engineering team is committed to great ethics, and most of our teammates are core contributors to open-source projects such as CPython, Postgres or Terraform.

About the role

We are currently helping an investment management client protect their low-latency processing systems and trading platforms across diverse environments. Reporting directly to the Group’s CISO, you will work collaboratively with development, infrastructure, and operations teams to embed security into every phase of the software development lifecycle.

Responsibilities

  • Serve as the internal point of reference and Subject Matter Expert for application security and DevSecOps practices.
  • Advise on best practices and long-term strategy for secure automation, ensuring security is integrated at all stages—from design and development to deployment and operations.
  • Lead the development and implementation of robust security controls in our CI/CD pipeline, including automated testing, compliance checks, and vulnerability management.
  • Collaborate with cross-functional teams (software developers, infrastructure engineers, and security officers) to ensure all solutions follow secure coding practices and meet industry standards (e.g., ISO 27001, NIST CSF, SOC 2).
  • Conduct comprehensive design reviews, threat modeling, and architecture assessments to proactively identify and mitigate security risks in new and existing solutions.
  • Establish and enforce policies for encryption, authentication (both human and machine), access control (role- and attribute-based), secret management, and secure configurations in cloud (AWS, GCP, or Azure) as well as on-premises environments.
  • Champion Infrastructure as Code (IaC) practices by integrating security checks into automated deployment processes using tools such as Terraform, CloudFormation, or Ansible.
  • Develop, monitor, and report Key Risk Indicators (KRIs) to track security performance and drive continuous improvement.
  • Provide leadership and training (both informally and through scheduled workshops) to upskill teams on secure development practices, DevSecOps tools, and emerging industry trends.

Qualifications

  • A minimum of 5 years of hands-on experience in application security, with proven expertise securing modern architectures—including cloud environments, containerised applications, serverless platforms, APIs, and traditional on-premises systems.

  • Demonstrable experience implementing and managing secure CI/CD pipelines and integrating DevSecOps practices.

  • Proficiency in Linux environments, networking protocols (TCP/IP, UDP), and microservices architectures.

  • Strong coding skills in at least one modern language (e.g., Python) with the ability to read, analyse, and communicate code vulnerabilities to both technical and non-technical audiences.

  • Familiarity with common security frameworks and methodologies (e.g., OWASP Top 10, NIST SSDF) and hands-on experience with security testing tools (e.g., DAST, SAST, …).

  • Excellent written and verbal communication skills, with proven ability to transform complex technical concepts into clear business and security recommendations.

Technical Stack

  • Security: AppSec, DevSecOps, Secure SDLC, SAST/DAST, Threat modeling, CI/CD security, KRIs, Pen testing, OWASP, NIST, ISO 27001, SOC 2
  • Cloud/Infra: AWS, GCP, Azure, On-prem, Serverless, Containers, APIs
  • IaC: Terraform, Ansible, CloudFormation
  • Dev/Systems: Python, Linux, TCP/IP, UDP, Microservices
  • Certs: CSSLP (preferred)

Location: This job is based in Paris, on a hybrid set-up (3 days onsite, 2 days at home).

Our recruitment process consists of 3 interviews:

  • 1 introductory call with the recruiter
  • 1 technical interview
  • 1 meeting with the final client
