Job details

Lead Security Engineer

Get a free resume review

We're a product-first team on a mission to help grow the cybersecurity culture 🔐

We want to instill cybersecurity good practices to employees in a way that's actually effective, and entertaining enough so that employees don't feel like they're working. Think Duolingo but for cybersecurity.

We created a platform to easily rollout a cybersecurity awareness program: the platform sends chat-based 4-minutes long courses to teams. Following the courses, the other side of the platform simulates phishing attacks, to prepare employees to face hackers — but in a safe environment.

Created in 2020, Riot has raised $30m with leading investors (Y Combinator, Left Lane, Base10, Funders Club and Frst Capital) and is now protecting more than 1 million employees in over 1,500 companies (including Intercom, Deel, and Deezer) all over the world.

Cybersecurity is everywhere. It's impacting everyone, everyday, and it's becoming the number one risk to any organization, whether it's a small business or a big firm. Yet, the cybersecurity culture in most companies is a disaster. Hackers are leveraging this by targeting the weakest link: the employees. We're on a mission to fix that.

As the first Security Engineer in our organization, you will lead and define our security strategy across IT management, security programs, compliance, and application security (AppSec). You will play a crucial role in ensuring our infrastructure, software, and processes are secure, scalable, and compliant with industry standards. This is an opportunity to establish and drive security initiatives from the ground up in a dynamic cybersecurity environment.

What you will do 🤝

- Lead security initiatives like bug bounty, penetration testing, app monitoring, dependency management, and secure IaC with DevOps.

- Maintain SOC2 compliance, implement ISO27001, and manage audits and third-party security reviews.

- Embed security into development workflows, fix vulnerabilities, and deploy AppSec tools and processes.

- Manage IT operations including MDM, employee access, and infrastructure security controls.

Who you are 🪪

Experience: 3-7 years experience in security engineering or software engineering.
Familiarity with SOC2, ISO27001, and compliance frameworks.
You have hands-on experience with bug bounty programs, penetration testing programs, and vulnerability management.
You have strong communication and ability to work collaboratively with engineering and cross-functional teams.
You have a full professional proficiency in English and native in French
You're based in Paris or you're willing to relocate

It will be a cultural fit if 🫂

You're a doer: not afraid to get your hands dirty and get things done
You have high standards: expect performance to be nothing short of the best
You are an enthusiastic at heart: exhibit passion and excitement over work

Why join us at Riot 💜

Join a healthy-financial company: we already are break-even, fundraising helps us to accelerate our scale!
Contribute to a fast-moving environment where growth is real—our revenue grew by an impressive 2.5x in 2024!
Experience the energy of a collaborative team in our modern and cosy office located in heart of Paris: Le Marais

Recruitment process 🎙️

First call with the software engineer currently leading the security effort (30min)
Onsite case study with the CTO (2hr)

€65,000 - €80,000 a year

At RIOT, we believe that diversity drives innovation and inclusion fosters belonging. We are committed to building a team that reflects a wide range of perspectives, backgrounds, and experiences. We welcome candidates from all walks of life and are dedicated to creating an environment where everyone feels valued, respected, and empowered to thrive.

Please note that this is an on-site position with up to 2 days per week of remote work.

Average salary estimate

$72500 / YEARLY (est.)

min

max

$65000K

$80000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Lead Security Engineer, Riot Security

Join Riot as a Lead Security Engineer in the beautiful city of Paris! We’re a product-first company dedicated to changing the narrative around cybersecurity. Our mission is to create a culture of cybersecurity that’s not only effective but also engaging and fun for employees. Think of us as the Duolingo of cybersecurity, making learning an enjoyable experience. Our innovative platform delivers short, interactive courses via chat to help users enhance their cybersecurity knowledge, followed by real-world simulations of phishing attacks to prepare them for the threat landscape. With over $30 million raised and a growing user base exceeding 1 million employees across 1,500 companies—such as Intercom and Deezer—we're making a significant impact in the industry. In this role, you will be pivotal in shaping our security strategy, covering IT management to application security. You'll drive vital initiatives like bug bounty programs and penetration testing while ensuring compliance with SOC2 and ISO27001 standards. If you have 3-7 years of experience in security engineering, thrive in collaborative environments, and share our passion for cybersecurity, you might be the perfect fit. Embrace the opportunity to innovate within a dynamic team and contribute to securing organizations against ever-evolving threats. Let's join forces to enhance cybersecurity culture together!

Frequently Asked Questions (FAQs) for Lead Security Engineer Role at Riot Security

What responsibilities does the Lead Security Engineer at Riot have?

As the Lead Security Engineer at Riot, you'll take on an array of responsibilities that are crucial to our cybersecurity mission. You'll lead initiatives such as bug bounty programs and penetration testing, ensuring our systems and software are secure and resilient against threats. Additionally, you'll manage compliance tasks related to SOC2 and ISO27001, helping to implement robust security measures alongside collaborative engineering and cross-functional teams.