Senior Application Security Engineer

Hybrid
- Leiden, Zuid-Holland, Netherlands
Product & Tech

Job description

We are looking for a Senior Application Security Engineer to join our Engineering team ⭐ This is a largely autonomous, hands-on role sitting at the intersection of secure software development and cloud infrastructure security. You'll have real ownership over our security posture, working across the full engineering organisation to drive meaningful, lasting improvements, rather than just maintaining the status quo.

What will you do as our Senior Application Security Engineer?

Your role will span both secure software development and cloud infrastructure security 🎯 A core focus will be working hands-on with engineering teams to embed security best practices throughout the development lifecycle. This will cover input validation, authentication and authorisation, secure data handling, and protection against common attack vectors. You'll also lead security improvements within our Azure hosting environments, working closely with the DevOps Team to ensure identity, network security, encryption, and platform hardening are correctly implemented ✅

You'll own the end-to-end technical handling of vulnerabilities identified through penetration tests, automated scanning, and internal reviews, analysing findings, prioritising remediation based on risk, and either implementing fixes directly or driving resolution with the responsible teams 🤝 In parallel, you'll implement and maintain security scanning and monitoring tools across our CI/CD pipelines, improving automation for vulnerability detection and secure deployment practices 🔒

Collaboration is key as you'll provide security input into architectural decisions, new integrations, and high-impact technical initiatives. You’ll support teams with threat modelling and secure design reviews to ensure security is considered early rather than retroactively. During security incidents, you'll work closely with the Head of Tech and the Security Team to provide hands-on investigation, containment, and corrective action 🌟

Job requirements

What makes you the ideal Senior Application Security Engineer?

A bachelor's (HBO) degree in IT, Computer Science, Cybersecurity, or a related field,
Proven hands-on experience in application security and/or cloud security engineering in .NET,
Able to work relatively autonomously on complex security challenges, including:
- Secure software development practices
- Infrastructure and cloud security within Azure
- Vulnerability management
- Security tooling and automation within CI/CD pipelines and production environments

Experience working with or managing external penetration testing engagements and translating findings into technical action,
Ability to provide security guidance and conduct threat modelling and secure design reviews with engineering teams,
Strong communication skills in English, with the ability to explain security risks and trade-offs clearly to both technical and non-technical stakeholders,
Currently living within commuting distance of Leiden, Netherlands.

Nice to have (but not essential)

Experience with GRC frameworks, or working alongside compliance and governance functions,
Familiarity with security standards and frameworks such as ISO 27001, NIST, or SOC 2,
Prior experience in a SaaS company.

Why you’ll love working here

You’ll be working in an open and collaborative company with +/-200 colleagues of over 40 different nationalities 🌎
We offer a professional, yet informal work environment, where it’s easy for you to try new things, share your ideas, and make an impact
Work-life balance: we enable people to work in ways that suit their working style, which is why we offer flexible hours and hybrid-working
Our Happy & Healthy Team organises numerous wellbeing initiatives to keep us all… happy & healthy, including various social activities such as bouldering, ice-skating ⛸️, game nights 🎲, and picnics 🍽️
We make sure you have a comfortable and ergonomic work set-up, both at home and at the office, plus all of the tools (and swag 👕) you need to do your job well
We want to make sure everyone is supported mentally and emotionally which is why we provide free access to mental healthcare support
You’ll be granted equity benefits, have access to financial coaching, and receive a 6% pension contribution, so that we can grow together 🌱

You’ve applied. What’s next?

We want all of our candidates to enjoy a smooth and efficient experience with us which is why we aim to get back to you regarding your application within 2 business days. The first step is a screening call with a member of the recruitment team. This is followed by video meetings with our Engineering and Technology Directors, and a visit to our office in Leiden. Our interview process tends to take +/-3 weeks to complete 💙

AI use in job applications

Excessive AI use in CVs and cover letters is discouraged. We’re most interested in hearing your genuine voice and understanding the person behind the application.

My information

Fill out the information below

Full name

Email address

Phone number

CV or resume

Upload your CV or resume file

Upload a file or drag and drop hereAccepted files: PDF, DOC, DOCX, JPEG and PNG up to 50MB.

Cover letter

Upload your cover letter

Upload a file or drag and drop hereAccepted files: PDF, DOC, DOCX, JPEG and PNG up to 50MB.

Questions

Please fill in additional questions

Do you have application security experience in .NET?

Yes

Do you currently live within commuting distance of Leiden, Netherlands?

Yes

Legal Agreements

Job Applicant Privacy Policy
As part of any recruitment process, ChannelEngine collects and processes personal data relating to job applicants. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.
Personal data that we can process
We collect a range of information about you. 
This includes:
Identification and contact details (eg first and last name, date and place of birth, address, telephone number, e-mail address, titles and gender);
Data related to professional experience (e.g. career, job performance, employment history and previous employers), including data references in the CV;
Information related to education (e.g. diplomas, certificates, (foreign) internships and special training);
Memberships;
Language skills;
Any other personal data communicated or provided by the applicant during the application.
We may collect this information in a variety of ways. For example, data might be contained in the online application process, CVs or resumes, or collected through interviews or other forms of assessment.
We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer has been made to you.
Data may be stored in a range of different places, including in your application record, in HR systems and on other IT systems (including email).
For what purpose and on what basis do we process personal data?
We need to process data to take steps at your request prior to entering into a contract with you. We may also need to process your data to enter into a contract with you.
In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, where required by local law we are required to check that you are eligible to work in the country where we are hiring before employment starts.
We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. 
Who has access to data?
Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff, if access to the data is necessary for the performance of their roles.
We will not share your data with third parties, unless your application for employment is successful and we offer you employment. We will then share your data with your former employers to obtain references for you. 
How we protect personal data
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
Retention period
If your application for employment is unsuccessful, ChannelEngine will hold your data on file for 4 weeks from the date of your original application.
For consideration for future employment opportunities, we will ask for your explicit consent to keep your data for this purpose. At the end of the 12 month period, your data will be erased from our records. You are free to withdraw your consent at any time. Please email recruitment@channelengine.com to let us know if you wish to withdraw your consent.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to an electronic HR file set up in your name and retained during your employment. 
Your rights
You have the right to access, correct or delete your personal data. In addition, you have the right to withdraw your consent to the data processing or to object to the processing of your personal data by ChannelEngine, and you have the right to data transferability. This means that you can submit a request to us to send the personal data that we have about you in a computer file to you or to another organisation you have mentioned. You can send a request for access, correction, deletion or data transfer of your personal data or for the withdrawal of your consent or objection to the processing of your personal data to recruitment@channelengine.com.﻿
In order to be sure that the request for inspection has been made by you, we ask you to send us a copy of your identity document with the request. In this copy, make your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and Social Security number (BSN) in black. This is to protect your privacy. We will respond to your request as soon as possible but within four weeks.
ChannelEngine would also like to point out to you that you have the opportunity to lodge a complaint with the national supervisory authority, the Personal Data Authority. You can do this via the following link: https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons﻿
Automated decision-making
Recruitment processes at ChannelEngine are not based solely on automated decision-making.
Amendments
We reserve the right to make changes to this privacy policy. These changes will be announced in a clear and timely manner on this website.
Version 2.0
07-09-2023

Senior Application Security Engineer

Job description

Job requirements

All done!

You've already applied for this job