Senior Security Engineer - Amsterdam

As a Security Engineer, we will onboard you within the HEMA Security Office, HEMA’s central security organisation. The atmosphere? Informal and dynamic. The challenges? Every day is different. Acting on security incidents and helping over 19,500 colleagues become (and stay!) security-aware are at least part of your role as a Security Engineer. Together with other Security Engineers, Security Analysts and internal and external colleagues from the HEMA Security Office, you will ensure that HEMA becomes a little more secure every day. A role with extraordinary impact, because if you live up to that ambition, you will keep every day not only affordable, but also secure. So the stakes are high, just like the eventual payoff. 

To best protect our organisation from threats, you have an important role at HEMA as a Security Engineer. In this role, you will report directly to the Chief Information Security Officer (CISO), but will collaborate a lot with HEMA’s Digital teams. Among other things, you will be involved in shaping the security elements of our IT architecture, helping transform DevOps into true DevSecOps teams and implementing internal security projects. In addition, you will help streamline security processes and be the security partner for our internal teams, thinking (pro)actively about security across the organisation. 

With your hands-on experience, you will bring a fresh perspective to all parts of the IT organisation. From all the headquarters departments to the Utrecht distribution centre and from our own stores at home and abroad to the franchisees. You will also work with external stakeholders such as suppliers, partners, consultants, auditors and the Security operations Centre (SOC).You must be able to provide solicited and unsolicited advice and information to the IT organisation on various implementations for the benefit of IT security.

• You will be the go-to person for security issues at HEMA and are the link between technology, security and the business
• You will actively contribute to the secure design of our DevOps lifecycles
• You will manage and orchestrate security tooling throughout the organisation
• You will push security to a higher level among technical teams in particular
• You will perform security assessments/pentests and help colleagues interpret and eliminate security risks
• You will work with internal and external colleagues/partners on one of many security projects, from network architecture to Security monitoring
• You will help grow the HEMA Security Office in terms of people, technology and processes

This is what we like to work with:

• An external Security operations centre at one of our security partners
• Vulnerability management tooling, on-prem and in the cloud
• A laptop for locally building and running tools, scripts, etc.
• Jira Service Management, Confluence and TOPdesk
• Are we missing something? Build it yourself

• A small team, in which freedom, trust and continuous development are number one... And pizza and caffeine a close second
• Development and security community: As a technical security team, we understand that learning does not stop at attending training courses such as OSCP and CISSP. You get the extra value from learning from other security experts at events such as Troopers, MCH, BruCon, DefCon and by participating in CTFs. We provide room for this, because all work and no play makes Jack a dull boy
• The toys and tools you need to do your job
• A gross salary between €4,100 and €6,000
• Travel and expense allowance, a fixed (!) bonus of 4%, a variable bonus of up to 14%, a pension scheme and a generous discount on everything that makes HEMA extraordinarily good
• A unique setting: a fast-moving retailer and the most archetypal Dutch brand, with its own product development and international reach
• Flexibility: you can work where you work best (by agreement)
• Nice headquarters: At the NDSM wharf, above a bustling HEMA store
• The chance to make the everyday lives of millions more fun and the everyday lives of your 19,500 global colleagues extraordinarily more secure

• You combine a relevant IT (security) HBO (higher professional education) or WO (university) degree with a tremendous passion for security, as shown through your interests, projects, Capture the Flag scoreboards or your endless insights into specific security topics
• You have solid knowledge of what is happening in information security and are able to translate these developments into consequences and actions for HEMA
• Experience and certifications in Offensive Security (Red), Security Operations (Blue) and/or Risk Management. These include certifications such as OSCP, OSEP, eCPPT, CRTP, CSFA, eCMAP, GCFA, CISM and CISSP
• You have excellent communication skills and are good at building bridges between technology, security and business. Your verbal and non-verbal soft skills are as great as your passion for security
• You feel at home in a dynamic environment where driven teams work at a rapid pace and with great drive
• You have a pragmatic attitude and like to get things done ‘quickly’
• Because we work internationally, good knowledge of the English language (spoken and written) is no problem for you