Hermès Application Security & Cloud Engineer

About Hermès

This prestigious fashion house, renowned for its timeless elegance and innovative designs, is a part of a leading global luxury conglomerate. The brand is committed to excellence and offers a dynamic environment where creativity and business acumen are equally valued.

Role & Responsibilities

• Integrate security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines and Secure-SDLC processes, ensuring compliance with organizational security policies
• Design and implement DevSecOps strategies and tools to address evolving threats and emerging technologies, including AI-driven security challenges
• Develop and secure serverless (Lambda, API Gateway) and microservices environments
• Oversee cloud security posture management via CNAPP platforms, including alert management, policy tuning, risk prioritization, and remediation tracking with business teams
• Define and enforce Infrastructure-as-Code security policies and cloud guardrails using Policy-as-Code tools
• Conduct regular security audits of development and production environments to ensure compliance with regulatory and internal standards
• Educate development and operations teams on DevSecOps best practices and guide integration of security standards into IT projects
• Contribute to continuous improvement of cybersecurity standards and processes across the organization
• Deliver regular reporting on project progress and security activities to stakeholders, present audit results and remediation actions at steering committee meetings
• Prioritize and manage multiple concurrent initiatives in a dynamic, matrix-based environment

Qualifications

• Bachelor's degree (Bac+5) in Engineering or equivalent university credential
• Minimum 4 years of professional experience in application security and cloud security domains
• Hands-on expertise with DevSecOps solutions including CI/CD, Infrastructure-as-Code, SCA, SAST, SCM, and DAST tools
• Advanced proficiency in cloud environments (AWS, GCP, Alibaba) and associated Infrastructure-as-Code tools with security-oriented approach
• Development and automation competencies, particularly in Infrastructure-as-Code
• Solid understanding of cybersecurity concepts and threat landscapes
• Demonstrated pedagogical ability to communicate complex technical subjects to diverse audiences
• Strong listening skills and collaborative mindset
• Rigorous, organized approach with excellent synthesis capabilities
• Fluent English (reading, writing, speaking) in an international context

Skills

Experience

At least 4 years of professional experience focused on application security and cloud security. Demonstrated expertise in DevSecOps platforms and tooling, cloud infrastructure security, and hands-on implementation of security controls within development environments. Experience working within cross-functional teams including developers, operations, architects, and Chief Information Security Officer (CISO) organizations.

Education

Bachelor's degree (Bac+5) from an accredited engineering school or equivalent university-level qualification.

Workplace

Culture

The company fosters a collaborative and innovative culture, encouraging employees to push the boundaries of creativity while maintaining a strong commitment to sustainability and ethical practices.

About Cerulean

Cerulean is the definitive career portal for the global luxury industry. We match exceptional professionals with exclusive opportunities at the world's most prestigious brands. From haute couture and fine watchmaking to prestige beauty, hospitality, and boutique retail, Cerulean centralises luxury employment to help you find the career for which you were destined.