Lead Application Security Engineer

Doctolib Published: March 17, 2021
Levallois-Perret, France

During the coronavirus crisis, Doctolib continues to work, operating fully remote as we are building new products that help doctors in France and Germany. We continue to recruit and grow the team; all of our recruiting and onboarding has now been adapted to remote too.

Are you ready to protect the security and privacy of our patients to ensure the best user experience of the top European healthcare product used and loved by millions of patients and doctors? If so, we are looking for a skilled, passionate Application Security Engineer who loves to reveal potential security issues, fix them, and communicate about them, along with crafting solutions to rule out those weaknesses.

We are responsible for keeping millions of users' health records safe and private. That’s why we want to build the best team in order to maintain a state-of-the-art, healthcare-compliant information system and product.

Example Of Our Current Challenges

  • Define a seamless and efficient password policy to secure users' access to Doctolib
  • Train developers on common web vulnerabilities like SQLi or XSS
  • Build security tests to detect vulnerable functionalities in the product

What You Will Do

  • Perform security assessments of existing and upcoming Doctolib’s features and products
  • Review code and design of our products
  • Fix vulnerabilities
  • Maintain and contribute to Doctolib’s Secure Development Lifecycle
  • Help our product owners to ship ‘secure by design’ features
  • Contribute to Doctolib’s bug bounty program
  • Raise awareness of our developers to security best practices
  • Create security tests to avoid any regression

Hard Skills

Your profile:

  • You are passionate about application security and development!
  • Security assessments of web applications hold no secrets for you!
  • You have a strong understanding of common and uncommon web application vulnerabilities and mitigations (OWASP Top 10)
  • You are experienced in a common programming language (Ruby, Python, JavaScript, ...)
  • You are familiar with, or eager to learn about, security vulnerabilities specific to Ruby on Rails
  • You have a good understanding of security in distributed systems at scale
  • You speak English and French fluently

Soft Skills

  • You are able to collaborate with all people working in the company (tech & non-tech)
  • You are autonomous, pragmatic & have good organizational skills
  • You proactively contribute to Doctolib’s security

What We Offer You

  • A team of 100 amazing people, passionate about a common project
  • Time and budget for self-development: participation in conferences & free time dedicated to preparing talks for meetups and conferences
  • Great office in Levallois!
  • A few DoctoParties, DoctoMonthly Meetings, DoctoBeers, DoctoWeek-ends...
  • The opportunity to revolutionize a whole industry!

  • Contract: full-time position
  • Start: as soon as possible
  • Location: Levallois (relocation package if needed)
  • Package: attractive salary depending on the profile

Who We Are

Founded in 2013, Doctolib is the fastest growing and largest eHealth startup in Europe.

For patients, Doctolib is a free online service that enables them to find a nearby health practitioner, book appointments 24/7 within a few clicks and manage medical bookings.

For doctors and hospitals, Doctolib is software with a full range of services dedicated to improving their day-to-day organization, developing their practice, building a premium patient experience and allowing them to collaborate more easily with referring doctors. We commit to delivering user-friendly tools & services with the goal of improving people’s health and the quality of life of people working in healthcare. We are particularly focused on building an organization where people thrive, grow in their careers, and enjoy having high impact through their work.

Doctolib in a nutshell

  • We collaborate with 100K doctors and 2K healthcare facilities including some of the most important hospitals in France (AP-HP) and Germany.
  • We gather 45 million patients on our platform each month with significant growth
  • We are 1,000 Doctolibers located in 35 offices (France and Germany) with our headquarters in Paris.
  • We have raised €150m from Accel Partners (investor in Facebook, Spotify, Dropbox...), Bpifrance (Sigfox, Withings, Parrot), Kerala Ventures, Eurazeo and some entrepreneurs (Nicolas Brusson (BlaBlaCar), Pierre Kosciusko-Morizet (PriceMinister), Ludwig Klitzsch (CoMedicum), Bertrand Jelensperger (TheFork)...).

The 5 Core Values of Doctolib: the « SPAAH »

  • Service: Delivering outstanding service.
  • Passion: Being passionate and creating fun.
  • Ambition: Being ambitious, with no limits.
  • Attack: Being determined.
  • Humility: Being humble and sensitive to others.

