In less than a decade, ManoMano has become a key player in the home improvement and renovation sector.
Founded in France in 2013 by two French DIY enthusiasts amazed at the lack of digitalization in the market, ManoMano is now present in 6 European countries (France, Belgium, Spain, Italy, Germany, UK), federates over 5,000 sellers and now offers the widest range of DIY and gardening products online (+19 million products references).
Motivated by the prospect of improving the living environment of their customers and convinced of the importance of the home market for sustainable consumption habits, the ManoMano teams want to help write a new page in their industry, which is struggling to reform itself. ManoMano brings to a highly technical world the power of its sector expertise, combined with that of data and digital in all its dimensions, to offer our customers easy access to innovative advice, products and services 100% online.
The ambition of the Founders and, above all, of Manas & Manos? To accompany this sector transformation with a strong culture of boldness, in an ingenious and frugal organization that places people and teams at the heart of the company's development.
CONTEXT
The Security Expert is in charge of ensuring the security of our environment with an offensive mindset. The goal is to find innovative solutions to address ManoMano's cybersecurity needs, including cloud and platform security.
MISSIONS
Architect and implement robust security measures for cloud infrastructure and platforms to ensure the security and compliance of all cloud-based services.
Evaluate and implement security solutions for containerized applications and microservices.
Collaborate with the Data Protection Officer (DPO) on compliance issues to ensure adherence to data protection regulations and standards.
Identify and fix vulnerabilities from start to finish. Communicate discovered vulnerabilities, how to exploit them, and how to fix them to both technical and non-technical audiences.
Conduct penetration tests and security assessments on existing and new ManoMano features and services, including internal and external networks, web, and mobile applications.
Participate in and design RedTeam missions to enhance culture and train our staff.
Lead and support application security testing and threat modeling, including code audits, static code analysis, and dynamic testing.
Consider emerging vulnerabilities and threats in the context of organizational risk and business impact.
Participate in designing solutions and fixing vulnerabilities. Work with engineering teams during the design phase of new products and features, conducting threat modeling, security architecture, and code reviews.
Maintain a strong security culture: We create awareness and training programs. You maintain a high-security culture within the company. Organize and lead internal and external conferences and workshops.
Collaborate with our DevOps, Software Engineers, and Engineering Managers to continually improve our application security strategies and priorities to protect our customers, vendors, and business.
Be the first responder and remediation for security alerts/incidents.
Develop active defense: We develop and integrate security tools/solutions to automate and enhance detection and remediation.
PROFILE
Master's degree in Computer Science, Engineering, Information Technology.
Extensive experience and strong understanding of common and uncommon web application vulnerabilities and fixes.
Eager to learn, progress, and innovate in intrusion techniques and offensive security.
Good knowledge of web applications, operating systems, security tools, network infrastructure, and cloud security.
Proven experience in designing and implementing security architectures for cloud-based and/or on-premises systems.
Expertise in cloud security platforms and tools, including knowledge of compliance and regulatory requirements.
Excellent communication skills (oral and written) with both technical and non-technical audiences, with a positive and collaborative attitude.
Curiosity and desire to challenge conventional approaches to problem-solving.
Scripting experience.
Languages: French, English.
Experience in "capture the flag" (CTF) events, Bug Bounty, or vulnerability research (CVE) is a plus.
