Yousign (soon to be Youtrust) is a European Digital Trust provider, fully compliant with eIDAS and the highest European standards. Our three modules – electronic signatures, identity and document verification, and e-seals – can be used independently or combined within sector-specific workflows, ensuring simple, secure and legally compliant processes for SMEs and mid-sized companies.
Hosted and processed entirely in Europe, we guarantee sovereignty, transparency and reliability. As a certified B-Corp, we combine innovation with responsibility – building trust at the heart of every digital exchange.
We are entering a key moment as we expand from eSignature to the full Digital Trust chain.
As a Security Engineer at Yousign, you are the embedded security partner for the entire company, with Product as your primary internal client. You lead Yousign's security review cycle end-to-end on prioritized initiatives: from understanding the context of a new feature or project, to issuing your requirements and guidance, supporting implementation, and unblocking through risk management when needed.
You own and operate the pentest and BugBounty programs and ensure consistent, pragmatic security coverage across all team initiatives, from Engineering and Product to cross-functional projects company-wide.
You also step into the topics that make Yousign a Digital Trust provider: the security of our Trusted Zone, our fraud detection and prevention efforts, and our regulatory compliance (eIDAS, NIS2, ISO 27001). You won't own every one of these, but you contribute wherever the team needs you — your specialization defines where you spend most of your time, not a silo you stay inside.
Lead the end-to-end security review cycle for all product features: context intake, Decision Records, implementation support, and risk-based unblocking.
Own and operate Yousign's BugBounty program: triage reports, drive remediation, and manage reward decisions.
Identify, prioritise, and track remediation of vulnerabilities across Yousign's product and infrastructure perimeter.
Contribute to the security of the Trusted Zone, and to fraud detection and prevention, alongside the Security & Compliance team.
Support regulatory compliance (eIDAS, NIS2, ISO 27001): help translate requirements into technical controls, and contribute to audits and remediation when needed.
Extend security expertise beyond Product to all company initiatives: assess risks, issue guidance, and maintain a consistent security posture company-wide.
Take part in the team's weekly on-call ("doctor") rotation, and build automation (n8n, AI tooling, alerting) to reduce manual toil.
Raise the security bar across Engineering and beyond: share knowledge, coach teams on secure-by-design practices, and build security awareness.
You have deep, hands-on expertise in web application and API security: you know attack and defense mechanisms inside out and can spot a vulnerability in a PR or architecture diagram.
You are able to independently run threat modeling sessions, produce clear Decision Records, and translate security risks into actionable requirements for engineering teams.
You have experience managing vulnerabilities across a product perimeter: triaging, prioritising, tracking remediation, and knowing when to accept risk versus escalate.
You have participated in or run BugBounty programs. You understand triage workflows, reward logic, and how to communicate decisions clearly to researchers.
You use AI actively to automate parts of your security work (CVE monitoring, BugBounty triage, report generation), and you think critically about how to integrate AI into existing workflows rather than simply adding tools.
You are comfortable working across domains. Your core is product security, but you are happy to contribute to compliance topics (eIDAS, NIS2, ISO 27001), to fraud detection and prevention, and to the security of a Trusted Zone. Prior exposure to a regulated or Digital Trust environment is a strong plus.
You are genuinely self-sufficient: you pick up a brief, define the scope, and deliver without hand-holding. You are comfortable in ambiguous, fast-moving environments.
You are pragmatic by nature. You do not block for the sake of blocking. You find the right balance between security rigour and business velocity, and you know when to escalate versus when to accept risk.
You communicate clearly and simply. You can explain a complex vulnerability to a non-security engineer in two minutes, and you coach without being preachy.
You are genuinely curious: you follow threat intel, participate in CTFs, and keep your technical edge sharp because you care about the craft.
French at a native or near-native level (C2) is required. English at a professional working level (B2) is required for security research, technical documentation, and communication with international BugBounty researchers.
R1 — TAM Interview with Guillhem Cambiganu (30 min)
R2 — Hiring Manager Interview with Tony Belot (45–60 min)
R3 — Technical Interview: slide deck presentation + peer discussion with Tony Belot and a member of the Security & Compliance team (1 h)
R4 — Director Interview with Kevin Dubourg (30 min)
Salary: 53 000 – 79 000 EUR
Stock options - BSPCE
Meal vouchers (Swile): 10.50 EUR/day, 50% covered by Yousign
Health insurance (Alan): 50% covered by Yousign
Life & disability insurance: 100% employer-covered
Wellbeing: Axomove (4 physio sessions) and Moka.care (6 therapy/coaching sessions)
Transportation: 50% reimbursement for public transport for hybrid workers
Leeto: Access to numerous employee discounts
Time off: 10 RTT days/year, plus menstrual leave, parenthood benefits, seniority days
1 volunteering day/year, learning & development budget, and more
A mission that matters in a world challenged by AI-driven fraud
A vision built on integrity
A European & sovereign platform
A certified B Corp
The golden age of Yousign