MVPeopleGroup
Application Security

Staff Application Security Engineer

Amsterdam | Permanent | Hybrid | Senior | Other

About the assignment

You own application security at scale. The organisation trusts you to set standards, conduct threat modelling, and ensure developers ship secure code without slowing delivery.

You're not just reviewing pull requests. You architect security controls, lead secure code reviews on critical systems, and define AppSec policies that stick. You work across multiple teams, translating security requirements into practical guidance.

Your impact spans the entire development ecosystem—from CI/CD pipelines to pre-production security testing. You reduce vulnerability density, improve patch velocity, and build a security-aware engineering culture.

Your responsibilities

  • Design and maintain application security architecture standards across all development teams
  • Conduct threat modelling and security design reviews for critical applications and APIs
  • Build and maintain secure code review processes and SAST/DAST automation in CI/CD pipelines
  • Lead vulnerability assessment programs, prioritise findings, and track remediation metrics
  • Mentor developers on secure coding practices and OWASP Top 10 prevention techniques
  • Own supply chain security: dependency scanning, SCA tooling, and third-party library risk management
  • Collaborate with cloud and infrastructure teams on runtime security and container hardening
  • Report AppSec metrics and risk posture to security leadership and business stakeholders

Tech Stack & Tools

Platforms & Tooling

  • Burp Suite
  • SonarQube
  • Checkmarx or Fortify
  • Dependabot or Snyk
  • OWASP ZAP

Frameworks & Standards

  • OWASP Top 10 and OWASP ASVS
  • CWE/CVSS
  • STRIDE threat modelling
  • Secure SDLC (sSSLM)

Cloud & Infrastructure

  • AWS (CodePipeline, CodeBuild security)
  • Azure DevSecOps
  • Container security (Docker, Kubernetes, ECR/ACR scanning)

Methodologies

  • Code review and secure code principles
  • Application threat modelling
  • Secure architecture design
  • DevSecOps practices

Certifications (preferred)

  • OSCP or OSWE
  • CISSP
  • CEH

Must-haves

  • 8+ years in application security, secure development, or penetration testing roles
  • Deep expertise in vulnerability assessment, threat modelling, and secure code review
  • Hands-on experience with SAST, DAST, SCA, and container scanning tools
  • Strong understanding of secure SDLC integration and DevSecOps practices
  • Proven ability to influence and mentor engineering teams on security practices

Nice-to-haves

  • Experience building or scaling AppSec programs from scratch
  • Background in cloud-native security (AWS, Azure, or GCP)
  • Certifications: OSCP, OSWE, or CISSP

What we offer

  • Lead security strategy for a growing technology organisation
  • Work with modern tech stacks and development teams
  • Influence product and engineering decisions at a strategic level
  • Continuous learning budget for tools, training, and certifications
  • Flexible work arrangements and collaborative security culture
  • Personal guidance from a dedicated MVPeople consultant who knows your niche

The process

1. Introduction: Phone call with your MVPeople consultant (within 24 hours)
2. Match & Brief: We discuss the assignment in detail and prepare you
3. Client meeting: Introduction to the client
4. Start: Contracting and onboarding

Details

  • Type: Permanent
  • Location: Amsterdam
  • Work model: Hybrid
  • Level: Senior
  • Industry: Other
  • Posted: 24 March 2026

