Senior Security Specialist

With Catawiki in Amsterdam - NL

More jobs from Catawiki

Posted on June 10, 2019

About this job

Location options: Visa sponsor, Paid relocation
Job type: Full-time
Experience level: Mid-Level, Senior
Role: System Administrator
Industry: eCommerce
Company size: 501-1k people
Company type: VC Funded


security, ruby-on-rails, python, owasp

Job description

Our Security story

Being the biggest online auction platform for special objects in Europe we strive to provide the most secure and trustful experience for our customers. Our users' safety is an integral part of our success and we develop security measures to protect their journey on our Platform. From the early stage we employ a wide range of tactics, resources, and tools to protect our services from different kinds of attacks, enforce and make sure compliance in technology and law.

So what's the job

As a Security Analyst at Catawiki, you will be responsible for the safety of our high traffic website and mobile app loved by our millions of users! With your broad knowledge of OWASP, Mobile and API vulnerabilities and bug bounty programs all Catawiki users will appreciate you for placing great importance on keeping their information safe and secure. Your colleagues will praise you for the awesome level of service and security you are helping them build into the infrastructure and our software.

You'll move in sync with…

As a part of Platform team you’ll be working with Product teams providing expertise and security guidance for our products and technologies we use. You’ll be working together with our technology leaders on building and integrating systems and processes called to protect our customers and business, reducing risks by strengthening our defence and offence layers and refining security strategy.

A little about you

Being a Security Analyst within Catawiki you’re closely familiar with:

  • OWASP top 10, Mobile app vulnerabilities, API vulnerabilities and the basics of network security.
  • Good understanding of Security in SDLC process, ability to create security policies and implementing them.
  • Bug bounty programs (eg: HackerOne or ZeroCopter). You used to be involved in architecture and design reviews for security pitfalls.
  • Hands on experience in common security testing tools like Burp, Nmap, Nessus etc. Hands on experience in auditing web and mobile applications.

Nice to have :

Knowledge of/and experience in implementing the most important EU rules and regulations in a company:

  • GDPR, among others: access, retention, encryption
  • ISO 27001
  • NIS Directive (draft procedures for cybersecurity incidents)

Apply here