Les missions du poste


Pioneer of online flash sales since 2001 and key player in European e-commerce, Veepee collaborates with over 7,000 brands to offer highly discounted products available for a limited time. Operating across various sectors, including fashion, home, wine, travel or beauty... Veepee achieved a turnover of 3.3 billion euros incl. VAT in 2024 and employs 5,000 staff members across 10 countries.Organization and teamThe cybersecurity team includes Red/Purple/Blue teamers and risk & compliance oriented profiles, all working together to fix security weaknesses with innovative solutions, adapted to business needs. A Bug Bounty program, an authenticated program on our partner-facing platforms, an annual external Red Team engagement and recurring compliance assessments keep us honest, and our radar sharp.Our threat detection & incident response runs fully in-house, nothing is outsourced: you can touch everything, from detection engineering, case management and response, threat intelligence and the vulnerability lifecycle to the AI agents orchestrated on top of it all. Automation and AI are at the core of everything (who doesn't?): agents triage our alerts 24/7 so humans focus on what matters, an LLM pipeline audits our code, and every confirmed finding feeds a remediation loop with product teams.ResponsibilitiesAttack Veepee's perimeter the way a real adversary would: red team, penetration tests (grey/black/white/AI box), Active Directory attack paths, phishing campaigns and the business web based processes themselves (member journeys, seller flows, payment chains), hunting for logic flaws no scanner will ever find.Put our risk register and threat intelligence to the test: take a stated risk or an emerging threat and confirm it, or refute it, with a working attack scenario.Qualify what comes in from the outside: Bug Bounty reports (public and authenticated programs) and alerts escalated by our RAG agents during the cyber-watching rotation.Convert every confirmed attack path into something that runs without you: a detection rule, a hunting query, an automated control. If a bot can do it, we automate it.Build and improve the team's tooling: AI-assisted code audit, password auditing, secret hunting, attack-surface monitoring.Carry your findings through to remediation: explain the impact to product and infra teams, propose the fix, track it through our vulnerability-management lifecycle, and re-attack to prove it's closed.Share your discoveries with technical and business teams and spread security culture in accordance with day-to-day constraints.Required skillsThe most important thing is motivation! Naturally curious profiles who enjoy proving or disproving that an attack works, and who don't consider the job done until it's fixed.Solid offensive skills: web and API penetration testing (OWASP), Active Directory attack techniques, and a taste for business-logic abuse beyond the technical stack.Investigation fundamentals: comfortable digging through EDR, logs and network data to reach a verdict, and turning attacker behavior into detection logic or solid on the offensive side with a strong will to grow there.Scripting and automation (Python, Bash, PowerShell); interest in AI-assisted security tooling (LLM-based code audit, agentic workflows) is a strong plus.You document what you do and make it reproducible.Strong communication skills: you can convince a product team to fix something they didn't want to hear about.Experience: ~3-5 years in offensive security, detection engineering or a mixed red/blue role.Language: French and professional English.?BENEFITSVariablebonusThedynamicandcreativeenvironmentwithininternationalteamsThevarietyofself-educationcoursesonoure-learningplatformParticipationinmeetupsandconferenceslocallyandinternationallyFlexibleOfficewithupto2daysathomeHealth insurance??RECRUITMENTPROCESS130-minuteHRScreenwithaVeepeeRecruiter2Technicaland operational exchangewiththe team3 Last Interview with Head of cybersecurityWeareconvincedthatitisuptoyoutodefinethewayyouwork,todevelopyourself,andtoprogress.AtVeepeeweguaranteethatyoucanjustbeyourself!Fortheserviceofdiversityandinclusion,Veepeeiscommittedtoreviewingallapplicationsreceived onanequalbasis.??COMPANYFormoreinformationaboutourecosystem:The Veepee Group processes your data collected as part of the management of your recruitment in order to manage your application file for the position for which you have applied. To find out more about our , we invite you to consult it on our career site. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Postuler sur le site du recruteur

Ces offres pourraient aussi vous correspondre.

Recherches similaires

L’emploi par métier dans le domaine Informatique à Paris