Security Engineer (DevSecOps / Code Security)

ABOUT US Owkin is an AI company on a mission to solve the complexity of biology. It is building the first Biology Super Intelligence (BASI) by combining powerful biological large language models, multimodal patient data, and agentic software. At the heart of this system is Owkin K, an AI copilot and its new LLM fine-tuned on biology called Owkin Zero, used by researchers, clinicians, and drug developers to better understand biology, validate scientific hypotheses, and deliver better diagnostics and therapies faster. Position is based in remotely in UK or Germany, hybrid (Paris) or remote in France. Please submit your CV in English ABOUT THE ROLE: We are seeking a highly skilled Security Engineer with strong software engineering foundations and expertise in application security, DevSecOps, and cloud-native security. This role is ideal for someone who understands modern engineering workflows and can partner closely with software engineering, platform, and DevOps teams to embed security into the software development lifecycle. You will play a key role in securing applications, improving developer security practices, supporting Kubernetes and AWS environments, and helping Owkin scale secure engineering practices across its AI-driven platform.   IN PARTICULAR, YOU WILL: - Conduct in-depth application security assessments and secure code reviews across frontend and backend systems - Partner with engineering teams to remediate vulnerabilities and improve secure coding standards - Review and secure Git-based development workflows and branching strategies - Integrate security controls into CI/CD pipelines in GitHub and DevSecOps processes - Support cloud-native security initiatives across Kubernetes and AWS environments - Use modern application security tooling, including Wiz Code, to identify and prioritise risks - Develop automation and tooling using Python to support security operations and engineering workflows - Advise developers on secure architecture, threat modelling, and security best practices - Collaborate with DevOps, Platform Engineering, and Software Engineering teams to improve overall security posture - Assist with vulnerability management, risk assessment, and remediation tracking - Contribute to security standards, policies, and developer enablement initiatives - On-call rotation for Wiz alerts (paid at an additional rate)   ABOUT YOU Required qualifications / experience: - Strong frontend and backend software engineering experience - Expert-level knowledge of Git and modern version control workflows - Hands-on application security experience in modern engineering environments - Experience performing manual and automated secure code reviews - Strong understanding of CI/CD pipelines and DevSecOps principles - Practical experience with Kubernetes security and containerised environments - Strong AWS cloud security knowledge - Knowledge of OWASP Top 10, secure coding practices, and vulnerability remediation - Ability to communicate effectively with developers and engineering leadership - Collaborative and pragmatic approach to security Preferred qualifications/bonus: - Experience with Wiz Code or similar application security tooling - Familiarity with Infrastructure as Code tools such as Terraform or CloudFormation - Knowledge of container security and Kubernetes hardening - Experience integrating security tooling into developer workflows - Relevant certifications such as AWS Security Specialty or Kubernetes Security certifications, would be a bonus - French-speaking would be a bonus, but not essential    #LI-HB1 WHAT WE OFFER - Flexible work organization - Friendly and informal working environment - Opportunity to work with an international team with high technical and scientific backgrounds RECRUITMENT PROCESS & SECURITY - Please complete the form and submit your CV. - Owkin is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, sex, gender, sexual orientation, age, color, religion, national origin, protected veteran status or on the basis of disability. - Owkin is a great place to work. As a coveted workplace we are, unfortunately, vulnerable to recruitment phishing scams. We urge all job seekers and candidates to be wary of potential scams. Most of these have individuals posing as representatives of prominent companies, including Owkin, with the aim of obtaining personal, sensitive, or financial information from applicants. These scams prey upon an individual’s desire to obtain a job and can sometimes “feel” like a genuine recruitment process. Some red flags are identified below. Should you encounter a recruitment process that claims to be for Owkin but is not consistent with the below, please do not provide any personal or financial information: - Legitimate Owkin recruitment processes include communication with candidat