Pioneer of online flash sales since 2001 and key player in European e-commerce, Veepee collaborates with over 7,000 brands to offer highly discounted products available for a limited time. Operating across various sectors, including fashion, home, wine, travel or beauty... Veepee achieved a turnover of 3.3 billion euros incl. VAT in 2024 and employs 5,000 staff members across 10 countries.
Organization and team
The cybersecurity team includes Red/Purple/Blue teamers and risk & compliance oriented profiles, all working together to fix security weaknesses with innovative solutions, adapted to business needs. A Bug Bounty program, an authenticated program on our partner-facing platforms, an annual external Red Team engagement and recurring compliance assessments keep us honest, and our radar sharp.
Our threat detection & incident response runs fully in-house, nothing is outsourced: you can touch everything, from detection engineering, case management and response, threat intelligence and the vulnerability lifecycle to the AI agents orchestrated on top of it all. Automation and AI are at the core of everything (who doesn't?): agents triage our alerts 24/7 so humans focus on what matters, an LLM pipeline audits our code, and every confirmed finding feeds a remediation loop with product teams.
-
Attack Veepee's perimeter the way a real adversary would: red team, penetration tests (grey/black/white/AI box), Active Directory attack paths, phishing campaigns and the business web based processes themselves (member journeys, seller flows, payment chains), hunting for logic flaws no scanner will ever find.
Put our risk register and threat intelligence to the test: take a stated risk or an emerging threat and confirm it, or refute it, with a working attack scenario.
Qualify what comes in from the outside: Bug Bounty reports (public and authenticated programs) and alerts escalated by our RAG agents during the cyber-watching rotation.
Convert every confirmed attack path into something that runs without you: a detection rule, a hunting query, an automated control. If a bot can do it, we automate it.
Build and improve the team's tooling: AI-assisted code audit, password auditing, secret hunting, attack-surface monitoring.
Carry your findings through to remediation: explain the impact to product and infra teams, propose the fix, track it through our vulnerability-management lifecycle, and re-attack to prove it's closed.
Share your discoveries with technical and business teams and spread security culture in accordance with day-to-day constraints.
-
The most important thing is motivation! Naturally curious profiles who enjoy proving or disproving that an attack works, and who don't consider the job done until it's fixed.
Solid offensive skills: web and API penetration testing (OWASP), Active Directory attack techniques, and a taste for business-logic abuse beyond the technical stack.
Investigation fundamentals: comfortable digging through EDR, logs and network data to reach a verdict, and turning attacker behavior into detection logic or solid on the offensive side with a strong will to grow there.
Scripting and automation (Python, Bash, PowerShell); interest in AI-assisted security tooling (LLM-based code audit, agentic workflows) is a strong plus.
You document what you do and make it reproducible.
Strong communication skills: you can convince a product team to fix something they didn't want to hear about.
Experience: ~3–5 years in offensive security, detection engineering or a mixed red/blue role.
Language: French and professional English.
✅ BENEFITS
Variable bonus
The dynamic and creative environment within international teams
The variety of self-education courses on our e-learning platform
Participation in meetups and conferences locally and internationally
Flexible Office with up to 2 days at home
Health insurance
1️⃣ 30-minute HR Screen with a Veepee Recruiter
2️⃣ Technical and operational exchange with the team
3️⃣ Last Interview with Head of cybersecurity
We are convinced that it is up to you to define the way you work, to develop yourself, and to progress. At Veepee we guarantee that you can just be yourself!
For the service of diversity and inclusion, Veepee is committed to reviewing all applications received on an equal basis.
COMPANY
For more information about our ecosystem: https://careers.veepee.com
The Veepee Group processes your data collected as part of the management of your recruitment in order to manage your application file for the position for which you have applied. To find out more about our personal data protection policy, we invite you to consult it on our career site.
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.