Senior Security Engineer

⭐ About the role :

At DataDome, security is a core part of how we build and scale. Our security team already covers GRC, SecOps, and security leadership, and we are now looking for a senior individual contributor to strengthen the engineering-facing side of the function.

As DataDome evolves from a single product into a broader platform, our security scope is expanding across product, infrastructure, internal systems, and AI-enabled workflows. At the same time, our regulatory and assurance requirements are becoming more demanding, including ISO 27001 and SOC 2.

We are looking for a Senior Security Engineer with a strong technical background, able to work closely with engineering teams and bring practical security expertise to product security, cloud security, application security, secure software supply chain, security tooling, and AI security topics.

This role reports directly to the Head of Security. It is a pure individual contributor position with no management responsibilities. Impact comes from technical depth, hands-on execution, and cross-functional influence.

👉 You will be more specifically in charge of things like...

Product, cloud, and application security

• Contribute to architecture, design, and implementation reviews for new features, services, platform changes, and cloud initiatives.
• Support pragmatic threat modeling and secure-by-design practices across APIs, services, data flows, workloads, and platform components.
• Advise engineering teams on application security, cloud and infrastructure security, and secure software supply chain topics.
• Help teams make sound security trade-offs and support remediation on complex or high-priority topics.

AI security and enablement

• Contribute to the security of AI-related product capabilities, including model, pipeline, data flow, and integration considerations.
• Assess technical security risks related to internal AI usage, including data exposure, acceptable use, and vendor-related concerns, in partnership with the GRC function where relevant.
• Identify practical opportunities to leverage AI in security workflows, including threat analysis, remediation support, security reviews, and compliance-related automation.

Technical risk and security enablement

• Bring strong technical depth to security and risk discussions by helping identify realistic attack paths, assess practical impact and likelihood, and translate findings into pragmatic remediation priorities.
• Partner with the GRC function to ensure risk assessments are supported by strong technical input and connected to concrete engineering actions.
• Explain risks, trade-offs, and recommendations in a way that drives action across engineering and cross-functional teams.
• Make secure practices easier to adopt through clear guidance, repeatable patterns, automation, and pragmatic support.

Security tooling improvement

• Contribute to improving and evolving our security tooling, in close collaboration with SecOps, with a focus on making security signals, posture insights, and remediation workflows more useful for Security and Engineering teams.
• Develop use cases, dashboards, workflows, and integrations that help teams better understand, prioritize, and remediate security issues.

👤 It would be great if...

You bring a strong technical security foundation (+7 years) across application security, cloud and infrastructure security, and secure software supply chain.

You have worked in a SaaS or internet-scale product environment where security had to move at engineering speed.

You are comfortable working close to engineering teams: reviewing designs, challenging assumptions, supporting remediation, and turning security needs into practical improvements.

You enjoy going deep into security tools and using them to improve visibility, prioritization, remediation, and engineering workflows.

You bring hands-on security expertise to identify meaningful risks, evaluate practical impact, and guide pragmatic remediation priorities.

You are comfortable stepping in on urgent or high-impact security topics when needed, including incidents, emerging threats, complex remediations, and fast-moving cross-functional issues.

You thrive in a small team setup — where you own a broad scope, move fast without heavy process, and adapt when priorities shift.

French and English proficiency (working language is English, remote-friendly with occasional presence in Paris).

Bonus Points

• Experience with SOC 2 Type II and third-party risk management in a SaaS environment.
• Experience with Vanta or similar GRC automation platforms.
• Familiarity with AI governance topics or security implications of AI tooling.

---

What’s in it for you?

• Flex Life: While we offer remote, hybrid, & in-office options each position specifies the level of flexibility. Our Parisian office is located next to the Opera Garnier. You will also receive a 500€ stipend to help you set up your ideal workspace if you work hybrid or remotely.
  • If you are full remote, the SNCF dicount card is paid for you to come to our office to visit us & your team!
• Generous Health Benefits: We have partnered with Kenko for your healthcare needs.
• A 100€ annual allowance is provided for a leisure activity of your choice in Sports or Culture.
• Annual allowance of €200 if you come to the office by bike to cover maintenance costs.
• Professional Development: #Weaimhigh is part of our DNA, therefore we have invested in an internal Learning and Development platform and offer the opportunity to request additional training and support via your manager.
• Events & Team building: #We care and we have fun! We organise ****Annual Company-Offsite, Events, Drinks, Winter Party, Lunch & Learns and much more are part of our Culture
• Parent Care: Gift & care packages for parents.
• PTO: Based on the country you are based from (e.g. 25 days in France).

What are the next steps?

• You x Talent Acquisition Manager : first interview and cultural fit
• You x Engineering Manager Damien : technical and cultural fit + Take-home technical challenge
• You x Team: Presentation and review of your "technical proposal" with the team
• You x Member of the leadership team - Discussion about DataDome vision and "raison d'être"!
• Now you really met everyone! Welcome to DataDome :)

DataDome stops cyberfraud and bots in real time, outpacing AI-driven fraud from simple to sophisticated across your sites, apps, and APIs. Named a Leader in the Forrester Wave for Bot Management, the DataDome platform is built on a multi-layered AI engine that focuses on intent, not just identity. Because it’s not about knowing who’s real, it’s about what they intend to do. With thousands of AI models that adapt to every fraudulent click, signup, and login, DataDome blocks fraud in less than 2 milliseconds, without compromising performance. DataDome is fully automated and integrates seamlessly into any tech stack. Backed by a 24/7 SOC team of advanced threat researchers, DataDome stops over 350 billion attacks annually. Experience protection that outperforms with DataDome.

DataDome is an equal opportunity employer, and proud to be committed to diversity and inclusion. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.