Principal Security Engineer - Platform & Application Security

Amsterdam, NL
Technology – Enterprise IT /
Permanent /
Hybrid
About the role
The Security team at Storio group consists of 3 pillars, Governance Risk & Compliance, Operations and Engineering. Whilst we are a team and we expect support across all pillars, you will be the technical lead for the Security Engineering pillar.

Utilising agile principles we aim to continuously learn and adapt to the needs of the organisation. In your role you will be instrumental in safeguarding our organisation's digital assets with the main focus on Application and Platform security, working directly with our Engineering teams.

Your daily adventure at Storio:

    • Lead and define approaches to improve our security culture, technical excellence and defining best practices for robust security within the organisation.
    • Own the Application and Platform security standards and ensure adherence through a data driven governance model.
    • Drive the secure SDLC program within engineering departments and align with the compliance standards Application Security: Conducting thorough assessments, implementing robust security measures, and ensuring the continuous enhancement of our application security posture.
    • Application Code Security: Addressing identified issues collaboratively with developers and continuously improving code security.
    • Penetration Testing: Regularly identifying vulnerabilities through proactive penetration testing customer facing websites, mobile applications, thick clients and further reducing the risk of security incidents.
    • Application Architecture Reviews: Conduct comprehensive reviews to identify and rectify potential security gaps.
    • Cloud Platform Security Remediations: Leading efforts to remediate security issues at the platform level for a robust infrastructure.
    • Training and Development: Collaborating with development teams to provide training on secure coding practices and fostering a security-aware culture.
    • In-House Security Solutions: Utilising a development background to contribute to the maintenance and development of in-house security solutions, such as Security Bots and AWS WAF.

How you make your mark:

    • You will be instrumental in safeguarding our ecommerce platform and ensuring the protection of our business continuity and customers' data. 
    • As the security engineering pillar you will be the centre of excellence in regards to Application and Platform security.
    • As a Principal Security engineer you will play a key role in the education of our engineers, influencing our ways of working and increasing the security knowledge.

What you bring to the party:

    • Excellent communication and collaboration skills to effectively work with developers, engineers, and other stakeholders.
    • Extensive experience in application security, penetration testing and cloud security.
    • Development background preferred, with proficiency in one or more of the following programming languages and scripting: Python, C#, JavaScript, TypeScript, HCL, Swift, Kotlin, Terraform, Cloudformation, SDKs etc.
    • Proven ability to identify and remediate security vulnerabilities in web applications and cloud platforms.
    • Strong understanding of secure coding practices (e.g., OWASP Top 10) and secure development lifecycles (SDLC).
    • Experience with penetration testing methodologies (e.g., OWASP Testing Guide) and tools (e.g., Burp Suite, Metasploit) and implementing OWASP ASVS/M-ASVS/MASDG.
    • Passion for security and a strong desire to build a secure and robust security posture.

Extra kudos for experience:

    • Experience developing and maintaining in-house security solutions (e.g., Security Bots, AWS WAF).
    • Experience managing bug bounty programs and triaging vulnerability reports.
    • Experience conducting security architecture reviews.
    • Experience with cloud security best practices (e.g., AWS/GCP/Azure Security best practices).
    • Experience contributing to security awareness training programs for developers.

Why you'll love it here:

    • At Storio group, we understand the importance of work-life balance. You'll find opportunities to make the most of our generous annual leave policy, remote working policy, and a versatile hybrid working model. you'll discover a warm and inclusive company culture that includes social events throughout the year and a team rich in diversity.
About us
We are Storio group, a place where life’s stories are made, crafted and shared. A place where we create new ways to pass memories and stories between people and generations. And where, together, we make joy unforgettable. We bring our customers’ stories to life through a range of high-quality personalised photo products, like photo books, wall decor, calendars & gifts. Our innovative technology enables customers to easily personalise their creations to keep for themselves or share as the most thoughtful of gifts.

Every single one of our employees brings something unique to Storio group and leaves a lasting imprint on our work, our culture and our company. Storio group is a place where we can all see and feel the impact of what we do, every day. A career with us is an opportunity to make your mark on our customers’ lives and on your career.

Our values shape everything we do, from our interactions with customers and colleagues to the way we approach our work. We believe in fostering an environment where everyone can thrive and contribute to our shared success. At Storio group, we: 

Act with heart: People - both customers and employees - are at the heart of all we do. So we embrace diversity and get to know each other as real people and build real relationships based on mutual understanding and respect.

Give our best: As the crafters and makers of people’s memories, we play an important role in our customers’ lives. That’s why we give our best and work together to make the right decisions and build a better business everyday. 

Own all we do: We are all, as individuals and as a team, responsible for creating our success and shaping our future. We lead the charge and drive things forward - fully owning our actions and decisions along the way.

Embrace curiosity: We believe progress requires curiosity. So, we’re relentlessly curious about the world and each other, actively seeking out diverse perspectives and always asking big questions like ‘why’ and ‘what’s next’?

Find the joy: At Storio, joy matters. We see it as a state of mind, so while we don’t pretend every day will be easy, we do set out every day to intentionally find, create and share big and little moments of joy with our customers and teammates.

Equal opportunities statement
We are committed to promoting equal opportunities in employment regardless of age, disability, marital or civil partner status, pregnancy or maternity, colour, nationality, ethnic or national origin, religion or belief, sex or sexual orientation.

If you have a disability or special need that requires reasonable adjustments in order for you to perform at your peak during the interview, please let our HR team know ahead of time so that they can assist. We will consider the matter carefully and try to accommodate your needs within reason. If we consider a particular adjustment would not be reasonable we will explain our reasons and try to find an alternative solution where possible.

Sponsorship
We aren't able to offer sponsorship for this role so please only apply if you have the Right to Work without the need for sponsorship