Yousign
Security Engineer
Remote Security Engineering role with clear candidate location fit.
PostedJun 21, 2026
Eligible countries38 accepted countries
Seniority signalSenior
Work settingRemote
Accepted candidate locations
Role overview
Security Engineer
Requirements and responsibilities
Readable role content extracted into sections for faster review.
Your Responsibilities
- Lead the end-to-end security review cycle for all product features: context intake, Decision Records, implementation support, and risk-based unblocking.
- Own and operate Yousign's BugBounty program: triage reports, drive remediation, and manage reward decisions.
- Identify, prioritise, and track remediation of vulnerabilities across Yousign's product and infrastructure perimeter.
- Contribute to the security of the Trusted Zone, and to fraud detection and prevention, alongside the Security & Compliance team.
- Support regulatory compliance (eIDAS, NIS2, ISO 27001): help translate requirements into technical controls, and contribute to audits and remediation when needed.
- Extend security expertise beyond Product to all company initiatives: assess risks, issue guidance, and maintain a consistent security posture company-wide.
- Take part in the team's weekly on-call ("doctor") rotation, and build automation (n8n, AI tooling, alerting) to reduce manual toil.
- Raise the security bar across Engineering and beyond: share knowledge, coach teams on secure-by-design practices, and build security awareness.
Your Profile
- You have deep, hands-on expertise in web application and API security, you know attack and defense mechanisms inside out and can spot a vulnerability in a PR or architecture diagram.
- You are able to independently run threat modeling sessions, produce clear Decision Records, and translate security risks into actionable requirements for engineering teams.
- You have experience managing vulnerabilities across a product perimeter: triaging, prioritising, tracking remediation, and knowing when to accept risk versus escalate.
- You have participated in or run BugBounty programs. You understand triage workflows, reward logic, and how to communicate decisions clearly to researchers.
- You use AI actively to automate parts of your security work, CVE monitoring, BugBounty triage, report generation, and you think critically about how to integrate AI into existing workflows rather than simply adding tools.
- You are comfortable working across domains. Your core is product security, but you are happy to contribute to compliance topics (eIDAS, NIS2, ISO 27001), to fraud detection and prevention, and to the security of a Trusted Zone. Prior exposure to a regulated or Digital Trust environment is a strong plus.
- You are genuinely self-sufficient: you pick up a brief, define the scope, and deliver without hand-holding. You are comfortable in ambiguous, fast-moving environments.
- You are pragmatic by nature. You do not block for the sake of blocking. You find the right balance between security rigour and business velocity, and you know when to escalate versus when to accept risk.
- You communicate clearly and simply. You can explain a complex vulnerability to a non-security engineer in two minutes, and you coach without being preachy.
- You are genuinely curious: you follow threat intel, participate in CTFs, and keep your technical edge sharp because you care about the craft.
- French at a native or near-native level (C2) is required. English at a professional working level (B2) is required for security research, technical documentation, and communication with international BugBounty researchers.
Benefits
- Salary: 53 000 – 79 000 EUR
- Stock options - BSPCE
- Meal vouchers (Swile): 10.50 EUR/day, 50% covered by Yousign
- Health insurance (Alan): 50% covered by Yousign
- Life & disability insurance: 100% employer-covered
- Wellbeing: Axomove (4 physio sessions) and Moka.care (6 therapy/coaching sessions)
- Transportation: 50% reimbursement for public transport for hybrid workers
- Leeto: Access to numerous employee discounts
- Time off: 10 RTT days/year, plus menstrual leave, parenthood benefits, seniority days
- 1 volunteering day/year, learning & development budget, and more
Why join Yousign now?
- A mission that matters in a world challenged by AI-driven fraud
- A vision built on integrity
- A European & sovereign platform
- A certified B Corp
- The golden age of Yousign
Similar roles
Keep a backup shortlist.
Java, Python 8 accepted countries
Application Security Engineer (Tech Lead)Morgan StanleyView role Java, Python 8 accepted countries
Application Security Engineer (Senior)Morgan StanleyView role Appsec, CI/CD 8 accepted countries
Application Security EngineerMorgan StanleyView role Devsecops, Vulnerability Management 8 accepted countries
Senior Product OwnerMorgan StanleyView role Stack
Use these tags to compare similar remote roles.
Location eligibility
Candidates should apply only when their profile country is listed here.
Your profileCountry not setSign in to check your country against this role.
View all 38 accepted countries
Hiring flow
WithMira shows the role, then sends candidates to the company application.
1Check role fit, stack, and location eligibility in WithMira.
2Open the company application page from the tracked apply link.
3Save the role or subscribe for similar opportunities before leaving.