Lead Security Engineer
Paris
We're a product-first team on a mission to help grow the cybersecurity culture 🔐
We want to instill good cybersecurity practices in employees in a way that's actually effective, and entertaining enough that employees don't feel like they're working. Think Duolingo but for cybersecurity.
We created a platform to easily roll out a cybersecurity awareness program: the platform sends chat-based, 4-minute courses to teams. Following the courses, the other side of the platform simulates phishing attacks, to prepare employees to face hackers, but in a safe environment.
Created in 2020, Riot has raised $30m with leading investors (Y Combinator, Left Lane, Base10, Funders Club and Frst Capital) and is now protecting more than 1 million employees in over 1,500 companies (including Intercom, Deel, and Deezer) all over the world.
Cybersecurity is everywhere. It's impacting everyone, every day, and it's becoming the number one risk to any organization, whether it's a small business or a big firm. Yet, the cybersecurity culture in most companies is a disaster. Hackers are leveraging this by targeting the weakest link: the employees. We're on a mission to fix that.
As the first Security Engineer in our organization, you will lead and define our security strategy across IT management, security programs, compliance, and application security (AppSec). You will play a crucial role in ensuring our infrastructure, software, and processes are secure, scalable, and compliant with industry standards. This is an opportunity to establish and drive security initiatives from the ground up in a dynamic cybersecurity environment.
What you will do 🤝
- Lead security initiatives like bug bounty, penetration testing, app monitoring, dependency management, and secure IaC with DevOps.
- Maintain SOC2 compliance, implement ISO27001, and manage audits and third-party security reviews.
- Embed security into development workflows, fix vulnerabilities, and deploy AppSec tools and processes.
- Manage IT operations including MDM, employee access, and infrastructure security controls.
Please note that this is an on-site position with up to 2 days per week of remote work.
Who you are 🪪
- Experience: 3-7 years of experience in security engineering or software engineering.
- Familiarity with SOC2, ISO27001, and compliance frameworks.
- You have hands-on experience with bug bounty programs, penetration testing programs, and vulnerability management.
- You have strong communication skills and the ability to work collaboratively with engineering and cross-functional teams.
- You have full professional proficiency in English and are a native French speaker
- You're based in Paris or you're willing to relocate
It will be a cultural fit if 🫂
- You're a doer: not afraid to get your hands dirty and get things done
- You have high standards: expect performance to be nothing short of the best
- You are an enthusiast at heart: exhibit passion and excitement over work
Why join us at Riot 💜
- Join a financially healthy company: we are already break-even, and fundraising helps us accelerate our scale!
- Contribute to a fast-moving environment where growth is real—our revenue grew by an impressive 2.5x in 2024!
- Experience the energy of a collaborative team in our modern and cosy office located in the heart of Paris: Le Marais
Recruitment process 🎙️
- First call with the software engineer currently leading the security effort (30min)
- Onsite case study with the CTO (2hr)