⚠️ During the coronavirus crisis, Doctolib continues to work, operating fully remotely as we build new products that help doctors in France and Germany. We continue to recruit and grow the team, and all of our recruiting and onboarding has now been adapted to remote too.

Are you ready to protect the security and privacy of our patients to ensure the best user experience of the top European healthcare product used and loved by millions of patients and doctors? If so, we are looking for a skilled, passionate Senior Application Security Engineer who loves to reveal potential security issues, fix them, and communicate about them, along with crafting solutions to rule out those weaknesses.
We are responsible for keeping millions of users' health records safe and private. That's why we want to build the best team in order to maintain a state-of-the-art, healthcare-compliant information system and product.

Examples of our current challenges:

  • Define a seamless and efficient password policy to secure users' access to Doctolib
  • Train developers on common web vulnerabilities like SQLi or XSS
  • Build security tests to detect vulnerable functionalities in the product

What you will do:

  • Perform security assessments of Doctolib's existing and upcoming features and products
  • Review code and design of our products
  • Fix vulnerabilities
  • Maintain and contribute to Doctolib’s Secure Development Lifecycle
  • Help our product owners to ship ‘secure by design’ features
  • Contribute to Doctolib’s bug bounty program
  • Raise our developers' awareness of security best practices
  • Create security tests to avoid any regression

Your profile:

Hard skills:
  • You are passionate about application security and development!
  • Security assessments of web applications hold no secrets for you!
  • You have a strong understanding of common and uncommon web application vulnerabilities and mitigations (OWASP Top 10)
  • You are experienced in a common programming language (Ruby, Python, JavaScript, ...)
  • You are familiar with, or eager to learn about, security vulnerabilities specific to Ruby on Rails
  • You have a good understanding of security in distributed systems at scale
  • You speak English and French fluently
Soft skills:
  • You are able to collaborate with all people working in the company (tech & non-tech)
  • You are autonomous, pragmatic & have good structuring skills
  • You proactively contribute to Doctolib’s security

The interview process:

  • 30-minute phone screen with a Tech Recruiter
  • 1-hour technical interview
  • Take-home test with restitution

More about the position:

  • Permanent Position
  • Full time
  • Location: Levallois-Perret
  • Start date: ASAP

Who we are:

Founded in 2013, Doctolib is the fastest growing and largest e-health startup in Europe.
For patients, Doctolib is a free online service which enables them to find a nearby health practitioner, book appointments 24/7 within a few clicks and manage medical bookings.
For doctors and hospitals, Doctolib is software with a full range of services dedicated to improving their day-to-day organization, developing their practice, building a premium patient experience and allowing them to collaborate more easily with referring doctors. We commit to delivering user-friendly tools & services with the goal of improving people's health and the quality of life of people working in healthcare. We are particularly focused on building an organisation where people thrive, grow in their careers, and enjoy having high impact through their work.
At Doctolib, we don’t just accept diversity, we respect and celebrate it! We’re proudly committed to equal employment opportunities regardless of your gender, religion, age, sexual orientation, ethnicity, disability or place of origin. We take care of each other and are grateful for each Doctoliber’s contribution to our mission!
