Software Engineer – Security

This is a fully remote position, open to applicants in France.

📋 Description

• Core security components are integrated into the product.

• Authentication - design, develop, and manage the authentication stack utilizing our self-hosted identity provider.

• Our objective is to achieve a passwordless experience with excellent user experience (UX) while facilitating strategic initiatives dependent on this stack.

• Encryption - develop, enhance, and manage our end-to-end encryption component utilized by our Alan Clinic, ensuring it remains user-friendly and seamless for our members.

• Secure file exchange - advance and maintain our secure file exchange platform to support product and operations teams while providing assistance when necessary.

• Secure enclave for medical confidentiality - aid in establishing the foundations to isolate and safeguard highly sensitive medical data without compromising usability or delivery speed.

• Contribute to organization-wide security practices by creating tools and frameworks that assist every engineer in shipping safely (secure CI/CD, vulnerability remediation tools, AI/LLM safety, etc.).

⛳️ Requirements

• Over 3 years of experience in full-stack software engineering roles.

• Proficiency in designing systems, APIs, libraries, or frameworks utilized by other engineers.

• Experience in shipping, owning, and operating production systems (rollouts, on-call, incident management).

• Background in deploying secure features, addressing vulnerabilities, designing authentication/cryptography flows, or promoting secure-by-default patterns in former teams.

• Passion for transforming complex challenges into elegant and secure solutions.

• Commitment to developing secure-by-design products while ensuring delightful user experiences.

• Approach security engineering as a product endeavor: engineers and members are your customers, and security should feel effortless.

• Hands-on attitude: writing code constitutes the majority of the role (Python, TypeScript, Terraform). You are responsible for shipping your code to production and managing it: rollouts, alerting, on-call, incident response.

• Design and articulate: you are equally comfortable writing framing documents, drawing sequence diagrams, and aligning three product teams on an authentication migration as you are with coding. You clarify complex security trade-offs for non-security engineers.

• You are an enabler: your success is measured by how quickly product teams can deliver secure features without needing to consult you. The more effort you invest, the less they need to rely on you.

• You create reusable patterns: guardrails, libraries, and secure-by-default abstractions that mitigate vulnerabilities at scale.

• Proficiency in English is required (French is not mandatory).

🏝️ Benefits

• Alaners enjoy an engaging environment with perks designed to ensure their happiness, efficiency, and quality time spent with colleagues.

• A robust culture: new members at Alan are often pleasantly surprised by our innovative working methods. We adhere to a set of cultural values that guide our work approach.