MVPeopleGroup
Application Security

Staff Application Security Engineer

Amsterdam, Permanent, Hybrid, Senior, Other

About the assignment

You own application security at scale. The organisation trusts you to set standards, conduct threat modelling, and ensure developers ship secure code without slowing delivery.

You're not just reviewing pull requests. You architect security controls, lead secure code reviews on critical systems, and define AppSec policies that stick. You work across multiple teams, translating security requirements into practical guidance.

Your impact spans the entire development ecosystem—from CI/CD pipelines to pre-production security testing. You reduce vulnerability density, improve patch velocity, and build a security-aware engineering culture.

Your responsibilities

  • Design and maintain application security architecture standards across all development teams
  • Conduct threat modelling and security design reviews for critical applications and APIs
  • Build and maintain secure code review processes and SAST/DAST automation in CI/CD pipelines
  • Lead vulnerability assessment programs, prioritise findings, and track remediation metrics
  • Mentor developers on secure coding practices and OWASP Top 10 prevention techniques
  • Own supply chain security: dependency scanning, SCA tooling, and third-party library risk management
  • Collaborate with cloud and infrastructure teams on runtime security and container hardening
  • Report AppSec metrics and risk posture to security leadership and business stakeholders

Tech Stack & Tools

Platforms & Tooling

  • Burp Suite
  • SonarQube
  • Checkmarx or Fortify
  • Dependabot or Snyk
  • OWASP ZAP

Frameworks & Standards

  • OWASP Top 10 and OWASP ASVS
  • CWE/CVSS
  • STRIDE threat modelling
  • Secure SDLC (sSSLM)

Cloud & Infrastructure

  • AWS (CodePipeline, CodeBuild security)
  • Azure DevSecOps
  • Container security (Docker, Kubernetes, ECR/ACR scanning)

Methodologies

  • Code review and secure code principles
  • Application threat modelling
  • Secure architecture design
  • DevSecOps practices

Certifications (a plus)

  • OSCP or OSWE
  • CISSP
  • CEH

Must-haves

  • 8+ years in application security, secure development, or penetration testing roles
  • Deep expertise in vulnerability assessment, threat modelling, and secure code review
  • Hands-on experience with SAST, DAST, SCA, and container scanning tools
  • Strong understanding of secure SDLC integration and DevSecOps practices
  • Proven ability to influence and mentor engineering teams on security practices

Nice-to-haves

  • Experience building or scaling AppSec programs from scratch
  • Background in cloud-native security (AWS, Azure, or GCP)
  • Certifications: OSCP, OSWE, or CISSP

What we offer

  • Lead security strategy for a growing technology organisation
  • Work with modern tech stacks and development teams
  • Influence product and engineering decisions at a strategic level
  • Continuous learning budget for tools, training, and certifications
  • Flexible work arrangements and collaborative security culture
  • Personal guidance from a dedicated MVPeople consultant who knows your niche

The process

1. Introduction: phone call with your MVPeople consultant (within 24 hours)
2. Match & Brief: we discuss the assignment in detail and prepare you
3. Client interview: introduction to the client
4. Start: contracting and onboarding

Details

Type: Permanent
Location: Amsterdam
Work model: Hybrid
Level: Senior
Sector: Other
Posted: 24 March 2026

