Senior Application Security Engineer
Role details
Job description
Your role will span both secure software development and cloud infrastructure security. A core focus will be working hands-on with engineering teams to embed security best practices throughout the development lifecycle. This will cover input validation, authentication and authorisation, secure data handling, and protection against common attack vectors. You'll also lead security improvements within our Azure hosting environments, working closely with the DevOps Team to ensure identity, network security, encryption, and platform hardening are correctly implemented.
You'll own the end-to-end technical handling of vulnerabilities identified through penetration tests, automated scanning, and internal reviews: analysing findings, prioritising remediation based on risk, and either implementing fixes directly or driving resolution with the responsible teams. In parallel, you'll implement and maintain security scanning and monitoring tools across our CI/CD pipelines, improving automation for vulnerability detection and secure deployment practices.
Collaboration is key as you'll provide security input into architectural decisions, new integrations, and high-impact technical initiatives. You'll support teams with threat modelling and secure design reviews to ensure security is considered early rather than retroactively. During security incidents, you'll work closely with the Head of Tech and the Security Team to provide hands-on investigation, containment, and corrective action.
Requirements
- A bachelor's (HBO) degree in IT, Computer Science, Cybersecurity, or a related field,
- Proven hands-on experience in application security and/or cloud security engineering in .NET,
- Able to work relatively autonomously on complex security challenges, including:
  - Secure software development practices
  - Infrastructure and cloud security within Azure
  - Vulnerability management
  - Security tooling and automation within CI/CD pipelines and production environments
- Experience working with or managing external penetration testing engagements and translating findings into technical action,
- Ability to provide security guidance and conduct threat modelling and secure design reviews with engineering teams,
- Strong communication skills in English, with the ability to explain security risks and trade-offs clearly to both technical and non-technical stakeholders,
- Currently living within commuting distance of Leiden, Netherlands.
Nice to have (but not essential)
- Experience with GRC frameworks, or working alongside compliance and governance functions,
- Familiarity with security standards and frameworks such as ISO 27001, NIST, or SOC 2,
- Prior experience in a SaaS company.
Benefits & conditions
- Flexible schedule
- You'll be working in an open and collaborative company with +/-200 colleagues of over 40 different nationalities
- We offer a professional, yet informal work environment, where it's easy for you to try new things, share your ideas, and make an impact
- Work-life balance: we enable people to work in ways that suit their working style, which is why we offer flexible hours and hybrid-working. Our Happy & Healthy Team organises numerous wellbeing initiatives to keep us all… happy & healthy, including various social activities such as bouldering, ice-skating, game nights, and picnics
- We make sure you have a comfortable and ergonomic work set-up, both at home and at the office, plus all of the tools (and swag) you need to do your job well
- We want to make sure everyone is supported mentally and emotionally, which is why we provide free access to mental healthcare support
- You'll be granted equity benefits, have access to financial coaching, and receive a 6% pension contribution, so that we can grow together