Bitvavo
Senior Application Security Engineer
BitvavoNetherlands8 days ago
Full-timeRemote FriendlyInformation Technology
We are seeking a Senior Application Security Engineer to join our Security team at Bitvavo, a leading cryptocurrency exchange. This role combines hands-on technical expertise with program development and enablement, ensuring our developers can build and ship secure applications at scale.

The mission is to empower engineering teams to “shift-left”, embedding security into every stage of the software development lifecycle, while also driving automation, vulnerability management, and application security tooling.

How will you make an impact?

  • Lead threat modeling and security reviews, with a focus on automation and scalability.
  • Drive automated code scanning and strengthen vulnerability management processes.
  • Partner with developers across backend and frontend teams to enable secure coding and deployment practices.
  • Curate, triage, and validate SCA and SAST findings, streamlining automation workflows.
  • Evaluate, implement, and operate security tooling (e.g., SAST/DAST platforms, Semgrep, Wiz, Snyk, Bug Bounty, Supply Chain Security).
  • Collaborate with product and platform teams, embedding within project squads when needed to support security feature development
  • Build and scale capabilities in pen testing, red/purple team exercises, and developer training.
  • Ensure security compliance with relevant frameworks (GDPR, DORA, PCI).

How will you be successful?

  • Former backend or frontend developer who transitioned into security engineering; strong coding and secure development experience.
  • 8+ years in secure software development and application security roles.
  • Proven track record of building and scaling application security programs from the ground up.
  • Technical skills: Proficiency in one or more modern languages (Kotlin, Go, TypeScript, Python). Familiarity with Kubernetes, containerized deployments, and CI/CD environments.
  • Cloud expertise: Strong experience with AWS and/or GCP services.
  • Security expertise: Strong understanding of Authn/Authz services, API security, and secure coding aligned with OWASP Top 10.
  • Tooling familiarity: Experienced with application security tools such as Burp, Wiz, Snyk, Semgrep, SAST/DAST platforms.
  • Experience in regulated industries (fintech, payments, crypto, banking) is highly desirable

At Bitvavo, we believe that diverse perspectives drive innovation, foster creativity, and lead to better outcomes. We are committed to building a team that reflects the diversity of the communities we serve and creating an inclusive environment where everyone can thrive.We welcome applicants of all backgrounds, identities, and experiences. Regardless of race, ethnicity, gender, sexual orientation, age, religion, ability, or any other characteristic. Join us and be part of a team that values and celebrates your unique contributions.

Bitvavo does not accept resumes from staffing, search, or recruitment firms without a signed agreement. If you send us a resume without such an agreement, we may contact the candidate directly without any obligation whatsoever and no fee of any kind will be paid should we hire the candidate.

Benefits

We care about our people. That's why we have a broad range of benefits to support them mentally, physically, and in their career growth. And an extra holiday for your birthday, just for fun.

  • Flexible well-being budget
  • Training and development budget
  • Competitive package
  • Hybrid working
  • Pension scheme
  • 26 days holiday leave
  • Internet allowance
  • Mental health support platform

Key Skills

Ranked by relevance
Apply