Security Engineer

The company

You will be joining one of the leading software providers in the Dutch education market. The company builds SaaS platforms used by hundreds of thousands of people, including students, teachers, large educational institutions and government organisations. Millions of exams are processed through their software every year. Reliability is not optional, it is the core of the product.

The organisation has over 100 employees across two offices in the Netherlands and is going through a period of significant growth, supported by a recent private equity investment. The goal is to become a strong European player. The culture is straightforward: people take ownership, decisions get made, and there is room to have real influence.

The role

This is a new position. The organisation runs four product teams working in PHP and .NET, a shared infrastructure team, and around 40 developers in total. Security is a growing priority and you will be the person who builds and owns that function.

You report directly to the CTO and are the internal expert on cybersecurity. You work closely with IT and development to make security part of how things are built and run, not something that gets bolted on at the end.

What you will be doing:

• Run a baseline security assessment across cloud, identity, applications and endpoints
• Write and publish core security policies: access control, incident response and vulnerability management
• Implement a SIEM to improve threat detection and incident response
• Set up a vulnerability management programme with defined SLAs
• Strengthen CI/CD pipelines with secrets scanning, SAST and IaC scanning
• Manage third-party risk: vendor inventory, classification and periodic reviews
• Build a security awareness programme with quarterly phishing tests and role-based training
• Work toward ISO 27001 readiness and demonstrable compliance with NIS2 and the EU AI Act
• Embed security into the SDLC together with the development team

What you bring

• At least 5 years of experience in cyber security, security engineering or IT security
• Proven experience building a security function, not just maintaining one
• Background in a SaaS environment or a similarly technical setting
• Solid knowledge of network and cloud security, identity and access management, and security tooling
• Hands-on experience with CI/CD, infrastructure as code and application security (.NET and/or PHP)
• Experience with monitoring, incident response and vulnerability management
• A relevant certification: CISSP, CISM, OSCP, CEH or AWS Security Specialty

What sets you apart:

• You can talk through real incidents: what happened, what you did and what came out of it
• You understand how developers think and know how to work with them, not around them
• You are comfortable working independently without a team around you from day one
• You know your way around ISO 27001 and the EU AI Act and want to build on that knowledge

What you get

• Salary between 4,000 and 6,000 euros per month based on a 40-hour week
• One-year contract with a strong likelihood of a permanent position
• 29 holiday days based on a 40-hour week
• Hybrid working: up to 2 days from home, based in Nijkerk or Utrecht
• Pension scheme and expense allowance
• Access to a mental wellbeing platform for you and your immediate family
• Room to grow and develop professionally
• A relaxed working environment with regular social activities

Interested? Want to know more or have an informal chat? Feel free to reach out to Samir Jouseiph at s.jouseiph@haystackpeople.nl