Senior DevSecOps Engineer (Offensive Security Focus) > Joboolo FR :

Job Description — Senior DevSecOps Engineer (Offensive Security Focus)

Location:


Hybrid (Paris) or Remote (France/Europe)

Department:


Cybersecurity / DevSecOps

Seniority:


Senior / Expert

Duration:


1 year (renewable)

Contract:


Full-time (Freelance)

About the role

We’re looking for a Senior DevSecOps Engineer with a strong Offensive Security mindset to elevate our application security across the full SDLC.


You’ll combine hands-on penetration testing skills with modern DevSecOps practices to find real-world risks, automate security controls, and help engineering teams ship secure software faster.

You’ll work closely with developers, cloud/platform teams, and architects to integrate security into CI/CD, strengthen cloud-native workloads, and build a strong secure engineering culture.

What you’ll do

Offensive Security / Application Security

• Perform targeted penetration tests on web, API, mobile, and cloud-native applications.


• Conduct threat modeling and adversarial analysis on critical services.


• Identify, exploit, and validate vulnerabilities to assess real impact and exploitability.


• Perform secure code reviews (manual and tooling/AI-assisted).

DevSecOps Integration

• Improve SAST, SCA, DAST, IaC, and container scanning in Azure DevOps pipelines (Snyk experience is a major plus).


• Automate security gates and enforce quality thresholds in CI/CD.


• Build custom security checks, scripts, and DevSecOps automations.


• Improve developer workflows by providing secure coding guidance and actionable fixes.

Secure SDLC & Continuous Hardening

• Run security reviews for new applications and major releases.


• Support Security Champions and coach development teams.


• Participate in incident response and post-mortems for security issues.


• Collaborate with Cloud Security on posture management and remediation.

Security Automation & AI

• Develop or tune AI agents to support vulnerability analysis and remediation.


• Automate correlation of findings across tools (SAST/SCA/Cloud).


• Contribute to internal security dashboards and metrics (Power BI, API integrations).

What we’re looking for

Required experience

• Strong track record in application penetration testing (OWASP Top 10, API attacks, auth bypass, RCE, business logic flaws).


• Strong understanding of secure coding (C#, Java, JS/TS, Python, etc.).


• Familiarity with DAST tools plus manual exploitation techniques.


• Deep knowledge of authN/authZ (OAuth2, OIDC, JWT).


• Strong grasp of DevSecOps architecture and SDLC best practices.

Hands-on experience with:

• Azure DevOps pipelines


• Azure Cloud (App Services, Functions, IAM, Storage, Key Vault)


• Container security (Docker, Kubernetes basics)


• Snyk (SAST/SCA/IaC/Cloud) (highly valued)

Tooling & frameworks

• Burp Suite, ZAP, Nmap, Postman, Metasploit, custom scripts.


• Threat modeling methods (MITRE ATT&CK, STRIDE).


• Source code review with or without tooling.

Soft skills

• Ability to challenge designs and architectures from an attacker’s POV.


• Clear communication with technical and non-technical stakeholders.


• Strong ownership, mentoring mindset, and leadership on security topics.


• Analytical thinking, problem-solving, pragmatism.

Nice to have

• Certifications (preferred, not required):
  
  
  OSWE / OSCP / OSEP / GWAPT, AZ-500 / AZ-400 or similar.


• Experience in large enterprise environments.


• Experience with AI-assisted AppSec tooling and workflows.

Why join us

• High-impact role with real ownership over AppSec and DevSecOps practices.


• Modern cloud-native stack (Azure) and a strong focus on automation.


• Opportunity to blend offensive security with engineering enablement and AI-powered security.