Get to know us
Do you want to help us shape what the future of work will look like and how it will best embrace our life's aspirations? If this sounds like a journey you want to embark on, we may have the right role for you! PayFit is an intuitive software as a service payroll and HRIS solution designed specifically for SMBs. Since 2015, we have set ourselves a mission to simplify payroll for SMBs and enable employers and employees to grow together. We are a European company operating from 3 main countries (France, Spain, and the UK) where we are supporting over 20,000 clients.
Creating a fulfilling work environment and culture is also a core mission at PayFit, and our day-to-day work philosophy is reflected in our four values:
Care: We genuinely care for others whoever they are, whatever they think.
Excellence: We aim to improve and achieve better results every day.
Humility: Staying humble and exchanging transparent feedback helps us to grow and improve.
Passion: We are the architects of PayFit's success.
A key part of our culture, and essential for our success, is also improving the diversity of our teams and building an inclusive culture where you can be yourself at work.
This is why our recruitment focuses on the skills you demonstrate, and not only on your academic background or previous professional experiences. At PayFit we understand that you can gain applicable skills through a variety of life experiences and we are interested in knowing them, too.
Location:
You can work in this role from any location in France or Spain, with occasional visits to the Paris office.
Position Overview:
We're looking for a Senior Application Security Engineer to join our Application Security team, part of the Engineering Platform tribe.
You'll be the AppSec engineer closest to our product engineering teams, not the gatekeeper at the end of the pipeline, but the partner who helps developers ship secure software by default. You'll drive a meaningful shift-left across the SDLC, mentor the rest of the security team, and bring an offensive mindset to how we test our own applications, including how we leverage AI to pentest them.
This is a senior individual contributor role with strong influence. You'll work alongside another Security Engineer and our Compliance Analysts, and partner daily with infrastructure, platform, and product engineering teams to keep PayFit secure as we scale across Europe.
Embed security into how PayFit builds software. Partner with product teams from design to deployment: threat modeling new features, reviewing architecture decisions, performing code reviews, and helping developers internalize secure-by-default patterns. Make security a multiplier, not a bottleneck.
Drive offensive testing of our applications, including with AI
Run internal application pentests with an attacker mindset and explore how AI can be used to scale and deepen our offensive testing, from automated reconnaissance to AI-assisted vulnerability discovery on our own codebase and APIs. Turn findings into concrete remediation plans and reusable detection patterns.
Secure the SDLC in the age of AI
Help define how PayFit builds software securely when AI is part of the toolchain, from AI-assisted code generation in developer workflows to agentic systems we operate internally. Contribute to guardrails, review patterns, and threat models for AI-augmented development and AI features in our product.
Deploy and maintain security tooling across our CI/CD pipelines: SAST, SCA, container and image scanning, secrets detection, and supply chain controls. Build automation in TypeScript to scale security across our AWS and K8S/EKS estate, integrating with our existing toolchain (GitHub, CircleCI, Spacelift, Wiz, Datadog, Jira).
Mentor the other members of the Security & Compliance team and raise the security bar across engineering. Lead awareness sessions, write standards, run training, and energize the security community at PayFit. Make others better. That's a core part of the job.
Triage HackerOne reports, follow up on findings with engineering teams, and contribute to incident response: investigation, coordination, and post-mortem. Identify systemic issues behind individual findings and drive durable fixes.
5+ years of experience in security, with a strong Application Security focus and a background in software engineering or DevOps
Solid Cloud security knowledge, with a strong advantage for AWS (IAM, Secrets Manager, Organizations, Identity Center), and with the ability to design and review secure cloud-native architectures
Hands-on experience reviewing the security of applications across architecture, code, and infrastructure, with a risk-driven approach
Comfortable with application security fundamentals: authentication and authorization, encryption, integrity, logging, supply chain
Offensive mindset: experience running application pentests, exploiting vulnerabilities, and translating findings into actionable remediation
Coding skills in TypeScript (for code review and building security tooling)
Experience working in modern SaaS ecosystems: IaC, GitOps, DevSecOps, CI/CD (Terraform, GitHub, CircleCI, Helm, or equivalents)
Strong communication skills: you can talk to developers as a peer, explain risk to non-security audiences, and influence without authority
A genuine taste for mentoring and growing others
Professional English: written and spoken
Nice to have:
Experience in pentesting or securing AI/LLM-powered applications, or using AI tooling for offensive security
Working knowledge of Kubernetes security in production environments
Experience with bug bounty programs (HackerOne or equivalent)
Familiarity with security observability and detection tooling (SIEM, Datadog, Wiz, or similar)
Exposure to compliance frameworks (ISO 27001, SOC 2, DORA); useful given our team setup
Technical stack: TypeScript, AWS, Kubernetes, Helm, Terraform
Code & delivery: GitHub, CircleCI, ArgoCD, Spacelift
Security & observability: Wiz, Datadog, HackerOne, Burp Suite
Project management and knowledge: Jira, Notion
Communication: Slack, Gather, Meet
Why join PayFit:
Real impact: You'll directly shape how 20,000+ businesses across Europe trust us with their payroll and HR data
Senior IC role with reach: You influence engineering at large, not just the security team
Pragmatic security: We care about real risk reduction, not theater
AI-forward security: A real mandate to explore AI in offensive security, not a buzzword
Modern stack and modern practices: Cloud-native, GitOps, DevSecOps, and the autonomy to shape them
AI-First Developer Experience: We fully support and fund the use of AI agents (Claude Code, Codex, OpenCode, etc.) to automate routine tasks, accelerate refactoring, and minimize "toil," allowing you to stay in a state of deep flow.
Interview process:
1. Interview with a Talent Acquisition Specialist
2. Interview with the Hiring Manager
3. Technical Interview with the Team
4. Final Interview
👉 Background Check (ISO27001 certification): identity, diploma, and past professional experiences will be checked after the offer.
What we offer
Flexibility: We believe it is key to producing your best work and being fulfilled. We therefore offer the possibility to work away from our main offices, within France, as well as abroad for a defined period. Further requirements may apply depending on the role and your overall experience.
Learning & Development: At PayFit, we offer a comprehensive learning platform that enables you to acquire new skills daily, supported by our company. We also have English language courses to improve your business communication vocabulary and get to the next level.
Career Development: We want you to progress and be free to choose which direction you want to grow. There are also opportunities for internal moves.
Health insurance: Henner Mutuelle Insurance (60% covered by PayFit, free coverage for children)
Transportation: 50% of public transportation costs are covered by PayFit for those living within the Ile de France region, or assistance with sustainable mobility (a bicycle rental subscription, purchase of soft mobility equipment to get to work, etc.).
Meals: A restaurant card with our partner Swile (9€ per workday) covered at 60% by PayFit
A Work Council grant: A monthly allowance to be spent on culture, sports, personal services, etc., as well as a vacation bonus.
Home office budget: A contribution in € per year to help you get set up in the best conditions. A MacBook is our standard working tool
Parental support program: Salary maintenance during the first month of additional parental leave.
Time off: 25 days of holidays + RTT days (depending on the contract).
Disability Inclusion: All of our positions are open to any person living with a disability. To guarantee equal treatment and opportunities, we will take, based on individual needs, appropriate measures to adapt the work conditions of PayFiters with disabilities, and if needed also during the recruitment process. Please let us know what you need and we will do our best to accommodate!