Security Engineer

<div class="content-intro"><p>At Catawiki, every day brings the extraordinary! Whether it’s <a href="https://www.catawiki.com/en/c/583-sports-memorabilia">Daniel Ricciardo’s Formula 1 Car</a>, a <a href="https://www.catawiki.com/en/c/579-fossils">Woolly Mammoth’s Skeleton</a>, <a href="https://www.catawiki.com/en/l/10035805">Lady Gaga's Jumpsuit</a> or <a href="https://www.catawiki.com/en/c/583-sports-memorabilia">Usain Bolt’s running shoe</a>, we encounter exceptional objects every day.</p> <p>We’re a one-of-a-kind marketplace for buying and selling special objects. Each week, more than 100,000 unique items are auctioned, all carefully curated by our passionate in-house experts.</p> <p>Having sold over 25 million unique objects, our mission is to become the world’s most popular destination for special objects. As a growing, diverse and sustainable scale-up, we proudly live by three core values. If these values resonate with you, we’d love to explore how you can join us.</p> <ul> <li>Taking ownership and driving impact&nbsp;</li> <li>Being open to change and feedback</li> <li>Being passionate about our mission and our customers.&nbsp;</li> </ul></div><h3><strong>About the Role and Team</strong></h3> <p>As a Security Engineer, you’ll join our Security function and work closely with Platform Engineers, development teams, Legal, IT, Trust &amp; Safety teams to ensure the protection of our platform, our users, and their data. You’ll help build and maintain a strong security foundation across our systems — including our emerging use of AI — making security a natural part of how we design, build, and operate at scale.</p> <p>In this role, you’ll operate in a highly collaborative, engineering-driven environment where security is a shared responsibility. You’ll combine hands-on technical work with cross-functional partnership, enabling secure product development, guiding teams through best practices, and helping Catawiki maintain user trust while continuing to grow securely and responsibly in an AI-enhanced environment.</p> <h3><strong>What You’ll Do</strong></h3> <ul> <li>Identify, assess, and remediate security vulnerabilities across applications, infrastructure, internal services, and AI/ML pipelines.</li> <li>Conduct secure code reviews, threat modeling, and security assessments for new features, architectural changes and legacy components.</li> <li>Implement and maintain secure storage mechanisms, encryption practices, secrets management, and key management solutions.</li> <li>Define, document, and enforce security policies, standards, and best practices throughout the software development lifecycle (SDLC), including AI-related data handling and model governance.</li> <li>Collaborate closely with Platform Engineers to integrate security into CI/CD pipelines, infrastructure-as-code, runtime environments.</li> <li>Work with Legal, IT, Trust &amp; Safety teams to ensure compliance, support investigations, manage security requirements.</li> <li>Participate in incident response — investigate security events, triage issues, support remediation, and strengthen preventive controls.</li> <li>Raise security awareness across the company by providing guidance, training, and proactive support for secure development, AI safety, and system design.</li> <li>Contribute to long-term security strategy by evaluating emerging threats — including those involving AI — identifying opportunities for automation, and recommending new tools or processes.<br><br></li> </ul> <h3><strong>Who You Are</strong></h3> <ul> <li>You have <strong>development experience in Ruby, Python, or a similar language</strong>, and you’re comfortable reviewing and contributing to backend codebases.</li> <li>You bring&nbsp;<strong>3+ years of hands-on security engineering experience</strong>, ideally in a cloud-based or high-traffic environment.</li> <li>You understand application, infrastructure, and AI/ML security principles, and you can navigate risk within data pipelines and model-driven systems.</li> <li>You have strong knowledge of secure coding practices and common vulnerabilities (OWASP, SANS) across both traditional and AI-enabled services.</li> <li>You’re experienced with secure code reviews, threat modeling, and designing practical and scalable mitigations.</li> <li>You have a solid understanding of cryptography, encryption, key management, secrets handling, and secure data storage.</li> <li>You’re familiar with integrating security into modern SDLC practices — including pipelines, IaC, cloud-native environments, and emerging AI workflows.</li> <li>You communicate clearly and collaborate effectively with engineering and non-engineering teams..</li> <li>You’re proactive, curious, and comfortable driving initiatives that strengthen our long-term security posture.</li> </ul><div class="content-conclusion"><div class="text text-align-left "> <h3><strong>Why You'll Love Working with Us</strong></h3> <ul> <li><strong>Create a visible impact </strong>by working at scale in a global organisation serving millions of customers across 80+ categories. In our flat structure, every role has a broad scope and directly impacts both our customers and the business.</li> <li><strong>Learn and grow</strong> through our Learning &amp; Development initiatives, including clear development plans and mentorship programmes to support your career progression.</li> <li><strong>A culture of connection defines us</strong>. We’re a passionate, diverse team of 800+ Catawikians representing 60+ nationalities. We foster an inclusive and queer-friendly environment where everyone is encouraged to bring their full self to work.</li> <li><strong>Celebrate life’s moments with us. </strong>You’ll receive a €100 Catavoucher when you join, a €50 Catavoucher on your birthday, and an extra day off each year to “Pursue Your Passion<strong>”</strong>. We also offer additional leave for key work anniversaries and important life events. Benefits may vary by location.</li> </ul> <h3><strong>Our Offices and Way of Working</strong></h3> <p class="p1">Our vibrant offices in Amsterdam, Paris and Lisbon are designed to inspire collaboration. Most Catawikians operate in a hybrid setup, combining office-based and remote work, with a minimum of two days per week in the office, unless a role is explicitly stated as fully remote or fully office-based.</p> </div> <h3><strong>Interested?</strong></h3> <p class="p1">Apply with an English CV and Cover Letter. By applying, you agree to <a href="https://www.catawiki.com/conditions/applicant-privacy-policy.pdf">Catawiki’s Applicant Privacy Policy.</a> If you’re excited about this role but don’t meet every requirement, we still encourage you to apply anyway. You may be just the right candidate for this or other roles.</p></div>