As an Application Security Engineer, you will play a key role in assessing our Secure Software Development Lifecycle maturity, defining a security roadmap, and driving the implementation and improvement of cybersecurity activities.
This is a full-time, permanent role based in the DELMIA R&D Lab in 's-Hertogenbosch, the Netherlands. We expect you to work from this office at least 3 days a week.
YOUR RESPONSIBILITIES:
- Lead our “shift left” security efforts to build security into the software development lifecycle.
- Conduct secure design reviews and threat modeling sessions. Identify and prioritize risks, attack surfaces, and vulnerabilities.
- Be available to conduct security code reviews and advise developers on remediating vulnerabilities and following secure coding practices.
- Take charge of our vulnerability management program. Triage and prioritize vulnerabilities from scans, audits, and bug bounty submissions. Track remediation and validate fixes.
- Research and recommend security tools and technologies to strengthen defenses against emerging threats targeting machine learning systems.
- Develop and document security policies, standards, and playbooks. Conduct security awareness training sessions for engineers.
- Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development.
- Be the main DELMIA Quintiq R&D contact for security-related subjects, such as answering questions related to our security development practices, tools, and processes.
YOUR QUALIFICATIONS:
- Have 3+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments.
- Have empathy, collaboration skills, and a learning mindset to work cross-functionally with engineers of all levels towards building security into the product lifecycle.
- Use creative and strategic thinking to reduce risks through secure design and simplicity, not just controls.
- Possess broad security knowledge to connect dots across domains and identify holistic ways to lower the overall attack surface.
- Ability to distill complex security concepts into clear actions and drive consensus without direct authority.
- Proactive mindset to integrate security throughout the product lifecycle through activities like threat modeling, secure code review, and security education.
- Strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes.
- Experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses.
- Passionate about security fundamentals like least privilege, defense-in-depth, and eliminating complexity to enhance security through smart design.