Catawiki · Netherlands · onsite · —
<div class="content-intro"><p>At Catawiki, every day brings the extraordinary! Whether it’s <a href="https://www.catawiki.com/en/c/583-sports-memorabilia">Daniel Ricciardo’s Formula 1 Car</a>, a <a href="https://www.catawiki.com/en/c/579-fossils">Woolly Mammoth’s Skeleton</a>, <a href="https://www.catawiki.com/en/l/10035805">Lady Gaga's Jumpsuit</a> or <a href="https://www.catawiki.com/en/c/583-sports-memorabilia">Usain Bolt’s running shoe</a>, we encounter exceptional objects every day.</p> <p>We’re a one-of-a-kind marketplace for buying and selling special objects. Each week, more than 100,000 unique items are auctioned, all carefully curated by our passionate in-house experts.</p> <p>Having sold over 25 million unique objects, our mission is to become the world’s most popular destination for special objects. As a growing, diverse and sustainable scale-up, we proudly live by three core values. If these values resonate with you, we’d love to explore how you can join us.</p> <ul> <li>Taking ownership and driving impact&nbsp;</li> <li>Being open to change and feedback</li> <li>Being passionate about our mission and our customers.&nbsp;</li> </ul></div><h3><strong>About the Role and Team</strong></h3> <p>As a Security Engineer, you’ll join our Security function and work closely with Platform Engineers, development teams, Legal, IT, Trust &amp; Safety teams to ensure the protection of our platform, our users, and their data. You’ll help build and maintain a strong security foundation across our systems — including our emerging use of AI — making security a natural part of how we design, build, and operate at scale.</p> <p>In this role, you’ll operate in a highly collaborative, engineering-driven environment where security is a shared responsibility. You’ll combine hands-on technical work with cross-functional partnership, enabling secure product development, guiding teams through best practices, and helping Catawiki maintain user trust while continuing to grow securely and responsibly in an AI-enhanced environment.</p> <h3><strong>What You’ll Do</strong></h3> <ul> <li>Identify, assess, and remediate security vulnerabilities across applications, infrastructure, internal services, and AI/ML pipelines.</li> <li>Conduct secure code reviews, threat modeling, and security assessments for new features, architectural changes and legacy components.</li> <li>Implement and maintain secure storage mechanisms, encryption practices, secrets management, and key management solutions.</li> <li>Define, document, and enforce security policies, standards, and best practices throughout the software development lifecycle (SDLC), including AI-related data handling and model governance.</li> <li>Collaborate closely with Platform Engineers to integrate security into CI/CD pipelines, infrastructure-as-code, runtime environments.</li> <li>Work with Legal, IT, Trust &amp; Safety teams to ensure compliance, support investigations, manage security requirements.</li> <li>Participate in incident response — investigate security events, triage issues, support remediation, and strengthen preventive controls.</li> <li>Raise security awareness across the company by providing guidance, training, and proactive support for secure development, AI safety, and system design.</li> <li>Contribute to long-term security strategy by evaluating emerging threats — including those involving AI — identifying opportunities for automation, and recommending new tools or processes.<br><br></li> </ul> <h3><strong>Who You Are</strong></h3> <ul> <li>You have <strong>development experience in Ruby, Python, or a similar language</strong>, and you’re comfortable reviewing and contributing to backend codebases.</li> <li>You bring&nbsp;<strong>3+ years of hands-on security engineering experience</strong>, ideally in a cloud-based or high-traffic environment.</li> <li>You understand application, infrastructure, and AI/ML security principles, and you can navigate risk within data pipelines and model-driven systems.</li> <li>You have strong knowledge of secure coding practices and common vulnerabilities (OWASP, SANS) across both traditional and AI-enabled services.</li> <li>You’re experienced with secure code reviews, threat modeling, and designing practical and scalable mitigations.</li> <li>You have a solid understanding of cryptography, encryption, key management, secrets handling, and secure data storage.</li> <li>You’re familiar with integrating security into modern SDLC practices — including pipelines, IaC, cloud-native environments, and emerging AI workflows.</li> <li>You communicate clearly and collaborate effectively with engineering and non-engineering teams..</li> <li>You’re proactive, curious, and comfortable driving initiatives that strengthen our long-term security posture.</li> </ul><div class="content-conclusion"><div class="text text-align-left "> <h3><strong>Why You'll Love Working with Us</strong></h3> <ul> <li><strong>Create a visible impact </strong>by working at scale in a global organisation serving millions of customers across 80+ categories. In our flat structure, every role has a broad scope and directly impacts both our customers and the business.</li> <li><strong>Learn and grow</strong> through our Learning &amp; Development initiatives, including clear development plans and mentorship programmes to support your career progression.</li> <li><strong>A culture of connection defines us</strong>. We’re a passionate, diverse team of 800+ Catawikians representing 60+ nationalities. We foster an inclusive and queer-friendly environment where everyone is encouraged to bring their full self to work.</li> <li><strong>Celebrate life’s moments with us. </strong>You’ll receive a €100 Catavoucher when you join, a €50 Catavoucher on your birthday, and an extra day off each year to “Pursue Your Passion<strong>”</strong>. We also offer additional leave for key work anniversaries and important life events. Benefits may vary by location.</li> </ul> <h3><strong>Our Offices and Way of Working</strong></h3> <p class="p1">Our vibrant offices in Amsterdam, Paris and Lisbon are designed to inspire collaboration. Most Catawikians operate in a hybrid setup, combining office-based and remote work, with a minimum of two days per week in the office, unless a role is explicitly stated as fully remote or fully office-based.</p> </div> <h3><strong>Interested?</strong></h3> <p class="p1">Apply with an English CV and Cover Letter. By applying, you agree to <a href="https://www.catawiki.com/conditions/applicant-privacy-policy.pdf">Catawiki’s Applicant Privacy Policy.</a> If you’re excited about this role but don’t meet every requirement, we still encourage you to apply anyway. You may be just the right candidate for this or other roles.</p></div>
Niet duidelijk uit deze vacaturetekst.
Niet duidelijk uit deze vacaturetekst.
Quick Apply schrijft je brief, bewaart de rol en kopieert de tekst. Jij reviewt en verzendt zelf.
Korte, eerlijke brief op basis van je persona en deze vacature. Lees na, pas aan, plak in.
Werkgever
Waarden en cultuur
Rol
Taken, skills en fase
Context
Locatie en randvoorwaarden
We kennen je interesses nog niet goed genoeg — voeg er een paar toe om dit scherper te krijgen.
Werkstijl-signalen zijn aan beide kanten dun — doe meer van de assessment.
Nog niet genoeg signaal over waarden om dit met vertrouwen te scoren.
Skills-check is oppervlakkig — upload een CV of voeg sterke punten toe.
Deze rol is een stretch in beide richtingen — bewust of niet, het ligt aan jou.
Een harde randvoorwaarde sluit dit mogelijk uit (locatie, salaris, of visum).