Senior Application Security Engineer - Customer Growth (f/m/d)

In Decathlon Digital, Customer Growth provides best-in-class seamless customer identification and connection to the whole Decathlon ecosystem at a global scale.

We operate in 70+ countries and are responsible for 200M+ individual accounts across the world.

We are also responsible for developing customer 360 knowledge and leading the business through personalized experiences and recommendations.

The Customer Growth security team is looking for a Senior Application Security Engineer to join us in our lovely new Amsterdam office. The scope of this role is to enhance and maintain a high level of application security for the Identity (customer database) and Login (API authorization server + login workflow) products, which are highly critical.

 

Your responsibilities

  • Provide hands-on support to business-critical digital products. You will be at the “fort door” of the Decathlon customer data and you want to help teams implement the best solution to solve problems on a global scale.

  • Analyze the findings identified by the security tooling (SAST, SCA, CSPM, CWPP, monitoring, and WAF tools) in order to continuously (1) improve detection, (2) automate and scale up the prevention of these defects in a shift-left manner, and (3) empower teams to excel in their security practices.

  • Provide security expertise to the ongoing and upcoming security enhancements of account security: risk-based authentication, Passkeys, anti-bot management, and fraud prevention.

  • Analyze the reports raised by our Bug Bounty hunters. Forward each report to the right people and suggest the best mitigation.

  • Stay at the forefront of cybersecurity trends and developments, continually expanding your knowledge and skills to adapt to evolving threats and technologies. We invest a lot in continuous skills development.

  • Identify and assess the risks related to application security and technical design choices. Lead this threat modeling approach to prevent risks from appearing.

  • Data-driven approach: Set up and maintain the tools to ingest and provide dashboards from security-related data in order to best inform the empowered teams and the leadership team on the security situation and the outcome of the actions.

  • Adapt and contribute to the (pragmatic) application security guidelines definition (secure defaults, hardening configuration, use of identity federation, choice of dependencies, etc.).

  • Lead the organization of some security audits performed by external security audit firms.

  • Occasionally, help with security incident response.

  • Occasionally, assess the security of websites, APIs, code, CI/CD, or cloud configuration by performing security audits and security analysis.

 

What You Need to be Successful

  • We are looking for a passionate application security engineer with 4+ years of experience in development-related cybersecurity activities.

  • You have solid technical knowledge in a majority of the following areas: backend software security (preferably in Java/SpringBoot), frontend security, secure SDLC, CI/CD pipelines, and containers.

  • You have experience with OAuth2 / OIDC protocols.

  • You have experience and a deep understanding of API management and API security.

  • You enjoy writing code and fixing code (following the best code management practices).

  • You enjoy working in a distributed team and with international colleagues present in several cities across several countries.

  • You have full professional proficiency in English.

  • You have strong problem-solving skills, excellent communication, and collaboration skills.

  • You are passionate about sports and you want to share your passion with a team of passionate people.

  • Being risk-based and working with a product mindset is your philosophy (not unconditionally chasing the last shiny thing).

 

About the tech

  • Security tooling: CSPM, CWPP, SAST, SCA, Cloudflare, Vault.
  • Monitoring and SIEM: Datadog, Splunk.
  • Operating model: Best-in-class organization based on empowered product teams.
  • Backend: Java (Spring Boot), PostgreSQL, Kafka, Redis.
  • Full cloud: GCP, AWS.
  • CI/CD: GitHub Actions, Rancher, Helm, Flux.
  • Containers: Kubernetes, GKE.
  • Collaboration tools: Slack, Google Workspace, Confluence.

Benefits

  • Hybrid and flexible work environment.
  • Hardware provided in accordance with your missions and our social commitments (Mac, Windows).
  • Skills development and mentoring (diversity of projects, technical certifications from the first year, internal and external training, etc.).
  • Remuneration package (monthly/quarterly bonuses).

 

 

DECATHLON DIGITAL CONTEXT 

What if technology allowed us to push the boundaries and take sports experiences to new levels? That's exactly our goal at Decathlon Digital! We are a team of 5,000+ experts in software engineering, product management, data, cloud, and cybersecurity, distributed across Paris, Lille, and Amsterdam. Together, we are creating the largest digital sports platform, leveraging tech innovation from design to value chain optimization, connected experiences and product second life.


Changing the game for good. We are in this for the love of sports. And like everything we love, we want it to last. That’s why we are embarking on a journey to create a more sustainable tech model, reducing our direct environmental impact while maintaining a safe, diverse, and inclusive space for all our people to learn and thrive together. Team up with us to design the digital future of sports.



GDPR: When you apply to a job on this site, the personal data contained in your application will be collected by Decathlon SE ("Controller"), which is located at 4 Boulevard de Mons 59650 Villeneuve d'Ascq. Your personal data will be processed for the purposes of managing Controller's recruitment-related activities. Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment but for no longer than 2 years.

 

  • You have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted.
  • You also have the right to data portability. You can request these rights by clicking here. 
  • In addition, you can also visit our privacy policy for more information on the processing carried out.

Diversity & non-discrimination policy

As part of our diversity and non-discrimination policy, Decathlon Digital wants to ensure that gender, disability, or age of our candidates are not a factor in our decision. If you wish, we suggest that you provide us with this information. This data will be anonymized and used in the macro analysis of the diversity of applications received. This information will be kept separate from your application and will have no effect on its processing.
