Information Security Engineer – English

INTERESTED IN THIS JOB? – CLICK HERE

Job Specs

Category
ICT

Region
Netherlands: Amsterdam
Salary
Depends on experience
Languages
English (Fluent)
Hiring type
Contracting
Duration
2 months
Start date
ASAP
Job ref.
26-0424

Contact

Liviya
+31 (0)70 311 7822
liviya@bluelynx.com

Description

Our client is an innovative software development company that provides effective workflow solutions for other businesses by creating a great experience and increasing productivity.

They are currently looking for an Information Security Engineer to join their expanding team in Amsterdam. 

In the role, you will handle high-impact security vulnerabilities, investigate internal systems for duplication or remediation plans, and track security issues in collaboration with engineering teams.

Job Profile for Information Security Engineer
Responsibilities will include, but not be limited to:

  • Triage security findings submitted through customer channels by validating exploitability, assessing affected scope, evaluating risk, and determining appropriate remediation actions
  • Analyse platform-level vulnerabilities across web applications, APIs, and server-side attack surfaces, including SSRF, IDOR, SQL injection, blind injection, XSS, GraphQL abuse, privilege escalation, and other related attack vectors
  • Prepare customer-facing security assessments that provide sufficient technical depth for security leadership while remaining clear and actionable for account teams
  • Collaborate with engineering teams on defect tracking, remediation planning, backport decisions, patch validation, and vulnerability resolution
  • Reproduce and validate reported vulnerabilities in lab environments, including cloud instances, Personal Developer Instances (PDIs), and local deployments
  • Review JavaScript and Java code to trace attack paths, identify root causes, and verify the completeness and effectiveness of security fixes

Candidate Profile for Information Security Engineer

  • Must be fluent in English, both written and spoken
  • 3+ years of experience in application security, penetration testing, bug bounty, or product security engineering
  • Experience writing technical security reports for engineering teams, security leadership, and executive stakeholders
  • Advanced experience with the company’s platform, including custom application development and a deep understanding of ACL models and application scoping, is a plus
  • Experience in customer-facing security roles or managed security services (MSS) is advantageous
  • Experience triaging vulnerability reports from bug bounty platforms such as HackerOne or Bugcrowd is preferable
  • Strong knowledge of web application security principles, including the OWASP Top 10 and advanced attack vectors such as prototype pollution, server-side injection, SSRF, IDOR, GraphQL abuse, and privilege escalation
  • Strong understanding of the company’s security mechanisms, including ACLs, roles, scoped applications, Business Rules, Scripted REST APIs, GlideRecord, Table API, and platform data access patterns
  • Proficiency in reviewing and analysing JavaScript and Java codebases
  • Strong understanding of CVSS scoring methodology and the ability to accurately assess and justify vulnerability severity
  • Relevant security certifications such as OSCP, GIAC GWEB, GWAPT, or equivalent are a plus
  • Ability to reproduce customer-reported security issues in lab environments by mirroring production scenarios
  • Ability to trace client-side and server-side code paths to identify root causes and clearly communicate vulnerability scope and impact

What Our Client Offers

  • 25 vacation days annually and additional company – wide days off
  • Pension scheme
  • Opportunity to collaborate with stakeholders of various backgrounds/levels
  • Opportunity to join a highly innovative company with a dynamic atmosphere

Already imagine yourself in this position? To make the first step, click Apply or email us your CV at cv@bluelynx.com

Please note

As part of the Blue Lynx recruitment process, you may be asked to provide references and copies of your diplomas. Please note that a background check may also be conducted.

Due to the high volume of applications, we are unable to respond to every candidate individually. If you have not received a call or email from a Blue Lynx recruiter within five working days, your application has not been shortlisted on this occasion.

To ensure you are considered for job opportunities, we encourage you to register an account by selecting Register Online

For any queries, please email us at: cv@bluelynx.com

To learn more about Blue Lynx and view all current vacancies, please visit our website: www.bluelynx.com

INTERESTED IN THIS JOB? – CLICK HERE


Contact

Liviya Cherneva+31 (0)70 311 7822
liviya@bluelynx.com

Search for jobs