
Catawiki · Netherlands
At Catawiki, every day brings the extraordinary! Whether it’s Daniel Ricciardo’s Formula 1 Car, a Woolly Mammoth’s Skeleton, Lady Gaga's Jumpsuit or Usain Bolt’...
At Catawiki, every day brings the extraordinary! Whether it’s Daniel Ricciardo’s Formula 1 Car, a Woolly Mammoth’s Skeleton, Lady
Gaga's Jumpsuit or Usain Bolt’s running shoe, we encounter exceptional objects every day.
We’re a one-of-a-kind marketplace for buying and selling special objects. Each week, more than 100,000 unique items are auctioned,
all carefully curated by our passionate in-house experts.
Having sold over 25 million unique objects, our mission is to become the world’s most popular destination for special objects. As
a growing, diverse and sustainable scale-up, we proudly live by three core values. If these values resonate with you, we’d love to
explore how you can join us.
As a Security Engineer, you’ll join our Security function and work closely with Platform Engineers, development teams, Legal, IT,
Trust & Safety teams to ensure the protection of our platform, our users, and their data. You’ll help build and maintain a strong
security foundation across our systems — including our emerging use of AI — making security a natural part of how we design,
build, and operate at scale.
In this role, you’ll operate in a highly collaborative, engineering-driven environment where security is a shared responsibility.
You’ll combine hands-on technical work with cross-functional partnership, enabling secure product development, guiding teams
through best practices, and helping Catawiki maintain user trust while continuing to grow securely and responsibly in an
AI-enhanced environment.
pipelines.
components.
(SDLC), including AI-related data handling and model governance.
environments.
controls.
safety, and system design.
opportunities for automation, and recommending new tools or processes.
backend codebases.
model-driven systems.
AI-enabled services.
emerging AI workflows.
our flat structure, every role has a broad scope and directly impacts both our customers and the business.
support your career progression.
foster an inclusive and queer-friendly environment where everyone is encouraged to bring their full self to work.
extra day off each year to “Pursue Your Passion”. We also offer additional leave for key work anniversaries and important life
events. Benefits may vary by location.
Our vibrant offices in Amsterdam and Lisbon are designed to inspire collaboration. Most Catawikians operate in a hybrid setup,
combining office-based and remote work, with a minimum of two days per week in the office, unless a role is explicitly stated as
fully remote or fully office-based.
Apply with an English CV and Cover Letter. By applying, you agree to Catawiki’s Applicant Privacy Policy. If you’re excited about
this role but don’t meet every requirement, we still encourage you to apply anyway. You may be just the right candidate for this
or other roles.
At Bynder, we don’t just store creative assets; we enable brands to deliver exceptional content experiences that drive business impact. In an era of exploding content volume and complexity, the world’s most iconic brands, including Spotify, Campari, and Lacoste, trust Bynder as their single source of truth for creative content. Our industry-leading DAM platform serves as the strategic engine for brand governance and control. We are leading the shift from management to AI-powered content orchestration. By integrating human-led, customizable AI Agents directly into our enterprise-grade infrastructure, we enable brands to augment their workforce and intelligently automate high-effort workflows without sacrificing brand integrity. We turn creative content into intelligent assets that accelerate personalization and drive measurable business outcomes. Ready to grow your career by helping the world’s leading brands deliver exceptional content experiences? Join our global team of 600+ ‘Byndies’ and help 4,000+ organizations work smarter with their content. Explore this opportunity and apply now to join our team. At Bynder, we believe security should never be an afterthought. We’re looking for a Security Engineer who thrives in a growth-oriented environment, someone who sees security as a starting point, not the finish line. If you’re hands-on by nature, energized by breadth, and serious about building security that actually scales in a cloud-native SaaS environment, you’ll feel right at home here. MEET THE TEAM We’re Bynder’s Security team: pragmatic, sharp, and relentlessly focused on enabling secure growth. We favor automation over repetition, integrations over point solutions, and smart security design over checkbox compliance. You’ll report directly to the VP Information Security and work alongside an Associate Security Engineer who brings strong application security and tooling chops. Together, you’ll cover the full security stack: AppSec, cloud, detection, and governance across a modern, cloud-native SaaS platform used by thousands of brands worldwide. Security at Bynder is a team sport. We work hand-in-hand with Platform teams, engineering, and business stakeholders to challenge assumptions, take calculated risks, and continuously raise the bar. It’s how we scale securely, and it’s part of how we win together. WHAT YOU’LL DO * Plan and (help) execute penetration tests against web applications, APIs, and cloud infrastructure, and manage external pentest engagements including scoping, vendor coordination, and remediation tracking. * Embed security across the full SDLC: leading threat modeling, security assessments, and vulnerability remediation in close collaboration with our engineering and product teams. * Own and evolve our cloud security posture across our AWS environment, working with Wiz (CSPM, CNS, Code, AI Security) to drive risk prioritization, misconfiguration remediation, and shift-left security workflows. * Champion security controls within our CI/CD pipelines, from IaC scanning and SAST integration to secure deployment practices, working closely with DevOps and development teams. * Support security incident response, investigation, containment guidance, and post-incident review and help mature our detection and response workflows over time. * Translate compliance requirements (SOC2, ISO 42001, GDPR) into concrete technical controls and act as a technical point of contact for customer security discussions, questionnaires, and enterprise onboarding. * Conduct vendor and third-party security risk assessments to protect our supply chain and advise on emerging AI/ML security risks as these technologies become more deeply embedded in our product. * Share knowledge and raise the craft, you’ll naturally become a technical anchor for your teammate and a collaborative voice across engineering on what good security looks like in practice. WHAT YOU BRING * 3–7 years of hands-on experience in application security, cloud security (AWS), or a broad security engineering role. * Proven experience conducting penetration tests on web applications, APIs, and/or cloud environments, with a solid grip on OWASP Top 10 and common vulnerability classes. * Solid understanding of AWS security: IAM, VPC design, cloud-native architecture and a clear intuition for what secure cloud infrastructure looks like. * Familiarity with application security testing tools (SAST, DAST) and a practical understanding of DevSecOps: you know where to plug in and how to make it stick with developers. * Strong communication skills, you can explain security risks clearly to both engineers and non-technical stakeholders, and you don’t default to “no” when there’s a smarter path forward. * A growth mindset and genuine curiosity, you’re comfortable operating across domains, actively building skills you don’t yet have, and you see a broad scope as an opportunity, not a burden. BONUS POINTS IF YOU… * Have hands-on experience with Wiz, or other CSPM/CNAPP platforms. * Hold an offensive security certification (OSCP or similar) or have contributed to bug bounty programmes. * Have experience with AI/ML security risks and frameworks (OWASP LLM Top 10, MITRE ATLAS). * Write security scripts, tinker with tools, or keep a personal GitHub with automation or research projects. * Have experience with Terraform or IaC security scanning. * Have hands-on experience with Kubernetes and container security. * Are familiar with common programming languages (e.g. Python, Java, Scala) and can read and reason about code to support security reviews WHAT WE HAVE * Challenging and inspiring work environment * Learning and Development budget * Commuting budget * Mental Health and Well-being Support * Bynder Love "stipend” * Unlimited vacation policy * Volunteer Time Off * Team and Company activities * Complimentary Lunches and Snacks * Offices in Amsterdam or Rotterdam If you don’t tick every box but you’re the kind of person who figures things out, speaks up, and raises the standard around you, we’d still love to hear from you. OUR COMMITMENT Bynder Love is the principle that guides the way we grow our teams, support our employees, and celebrate our differences. At Bynder we strive to create a culture that embraces every Byndie because differences in background, experience, and perspective make Bynder even better. At Bynder a diverse, inclusive, and equitable workplace is one where all employees, whatever their ethnicity, color, sex, age, religion, disability, sexual orientation, gender identity, national origin, or physical and mental ability are valued and respected. Our commitment is for all Byndies to have the freedom to be their true authentic selves. Just as we are never finished innovating, Bynder’s commitment to being An Even Better Bynder is a constant, evolving commitment that includes education, listening, and action. #LI-Hybrid #LI-MF1
At Bynder, we don’t just store creative assets; we enable brands to deliver exceptional content experiences that drive business impact. In an era of exploding content volume and complexity, the world’s most iconic brands, including Spotify, Campari, and Lacoste, trust Bynder as their single source of truth for creative content. Our industry-leading DAM platform serves as the strategic engine for brand governance and control. We are leading the shift from management to AI-powered content orchestration. By integrating human-led, customizable AI Agents directly into our enterprise-grade infrastructure, we enable brands to augment their workforce and intelligently automate high-effort workflows without sacrificing brand integrity. We turn creative content into intelligent assets that accelerate personalization and drive measurable business outcomes. Ready to grow your career by helping the world’s leading brands deliver exceptional content experiences? Join our global team of 600+ ‘Byndies’ and help 4,000+ organizations work smarter with their content. Explore this opportunity and apply now to join our team. At Bynder, we believe security should never be an afterthought. We’re looking for a Security Engineer who thrives in a growth-oriented environment, someone who sees security as a starting point, not the finish line. If you’re hands-on by nature, energized by breadth, and serious about building security that actually scales in a cloud-native SaaS environment, you’ll feel right at home here. MEET THE TEAM We’re Bynder’s Security team: pragmatic, sharp, and relentlessly focused on enabling secure growth. We favor automation over repetition, integrations over point solutions, and smart security design over checkbox compliance. You’ll report directly to the VP Information Security and work alongside an Associate Security Engineer who brings strong application security and tooling chops. Together, you’ll cover the full security stack: AppSec, cloud, detection, and governance across a modern, cloud-native SaaS platform used by thousands of brands worldwide. Security at Bynder is a team sport. We work hand-in-hand with Platform teams, engineering, and business stakeholders to challenge assumptions, take calculated risks, and continuously raise the bar. It’s how we scale securely, and it’s part of how we win together. WHAT YOU’LL DO * Plan and (help) execute penetration tests against web applications, APIs, and cloud infrastructure, and manage external pentest engagements including scoping, vendor coordination, and remediation tracking. * Embed security across the full SDLC: leading threat modeling, security assessments, and vulnerability remediation in close collaboration with our engineering and product teams. * Own and evolve our cloud security posture across our AWS environment, working with Wiz (CSPM, CNS, Code, AI Security) to drive risk prioritization, misconfiguration remediation, and shift-left security workflows. * Champion security controls within our CI/CD pipelines, from IaC scanning and SAST integration to secure deployment practices, working closely with DevOps and development teams. * Support security incident response, investigation, containment guidance, and post-incident review and help mature our detection and response workflows over time. * Translate compliance requirements (SOC2, ISO 42001, GDPR) into concrete technical controls and act as a technical point of contact for customer security discussions, questionnaires, and enterprise onboarding. * Conduct vendor and third-party security risk assessments to protect our supply chain and advise on emerging AI/ML security risks as these technologies become more deeply embedded in our product. * Share knowledge and raise the craft, you’ll naturally become a technical anchor for your teammate and a collaborative voice across engineering on what good security looks like in practice. WHAT YOU BRING * 3–7 years of hands-on experience in application security, cloud security (AWS), or a broad security engineering role. * Proven experience conducting penetration tests on web applications, APIs, and/or cloud environments, with a solid grip on OWASP Top 10 and common vulnerability classes. * Solid understanding of AWS security: IAM, VPC design, cloud-native architecture and a clear intuition for what secure cloud infrastructure looks like. * Familiarity with application security testing tools (SAST, DAST) and a practical understanding of DevSecOps: you know where to plug in and how to make it stick with developers. * Strong communication skills, you can explain security risks clearly to both engineers and non-technical stakeholders, and you don’t default to “no” when there’s a smarter path forward. * A growth mindset and genuine curiosity, you’re comfortable operating across domains, actively building skills you don’t yet have, and you see a broad scope as an opportunity, not a burden. BONUS POINTS IF YOU… * Have hands-on experience with Wiz, or other CSPM/CNAPP platforms. * Hold an offensive security certification (OSCP or similar) or have contributed to bug bounty programmes. * Have experience with AI/ML security risks and frameworks (OWASP LLM Top 10, MITRE ATLAS). * Write security scripts, tinker with tools, or keep a personal GitHub with automation or research projects. * Have experience with Terraform or IaC security scanning. * Have hands-on experience with Kubernetes and container security. * Are familiar with common programming languages (e.g. Python, Java, Scala) and can read and reason about code to support security reviews WHAT WE HAVE * Challenging and inspiring work environment * Learning and Development budget * Commuting budget * Mental Health and Well-being Support * Bynder Love "stipend” * Unlimited vacation policy * Volunteer Time Off * Team and Company activities * Complimentary Lunches and Snacks If you don’t tick every box but you’re the kind of person who figures things out, speaks up, and raises the standard around you, we’d still love to hear from you. OUR COMMITMENT Bynder Love is the principle that guides the way we grow our teams, support our employees, and celebrate our differences. At Bynder we strive to create a culture that embraces every Byndie because differences in background, experience, and perspective make Bynder even better. At Bynder a diverse, inclusive, and equitable workplace is one where all employees, whatever their ethnicity, color, sex, age, religion, disability, sexual orientation, gender identity, national origin, or physical and mental ability are valued and respected. Our commitment is for all Byndies to have the freedom to be their true authentic selves. Just as we are never finished innovating, Bynder’s commitment to being An Even Better Bynder is a constant, evolving commitment that includes education, listening, and action. #LI-Hybrid #LI-MF1
OPPORTUNITY The Security Engineer will join Brunswick's Information Security team and play a key role in supporting the firm's secure adoption of AI and emerging technologies. This role will act as a dedicated security professional supporting requests and initiatives originating from the firm's AI team, providing security review, architecture input, and risk-based guidance across third-party AI tools, enterprise platforms, AI-enabled applications, and internally developed solutions. Working closely with the AI team, ICT, application owners, and business stakeholders, the Security Engineer will help ensure new technologies are protected through appropriate security controls and guardrails throughout the development and delivery lifecycle. ABOUT THE ROLE In this role, you will provide technical security expertise across AI-related requests, third-party AI tools, internally developed applications, workflows, enterprise features, and emerging agent-based use cases. Key responsibilities include: * Review and assess third-party AI tools, enterprise AI platforms, and new AI-enabled features, including solutions such as ChatGPT, Claude, Microsoft Copilot, and other emerging technologies. * Review and assess requests relating to AI-enabled solutions, enterprise AI platforms, new features, integrations, and internally developed applications. * Provide security architecture guidance for applications and solutions developed or introduced by the AI team. * Support the implementation of security guardrails, governance processes, and secure design patterns for AI adoption across the firm. * Conduct STRIDE-based threat modelling for new internally developed solutions, AI-enabled workflows, integrations, and automation use cases. * Assess risks associated with AI use cases, including data exposure, prompt injection, model misuse, third-party dependency risk, inappropriate access to sensitive information, and insecure integrations. * Advise on secure design principles, including identity and access management, data protection, logging, monitoring, encryption, resilience, and secure configuration. * Define and document security requirements, architecture decisions, design recommendations, and risk-based remediation actions. * Monitor emerging AI security risks, attacker techniques, and industry best practices, ensuring relevant mitigations are considered within Brunswick's environment. WHAT WE'RE LOOKING FOR We're looking for an experienced, technically capable security professional who can combine strong security engineering expertise with practical judgement and clear communication. The ideal candidate will demonstrate: * 5-7 years' experience in cyber security, information security, security engineering, or a related technical security role. * Proven experience providing security guidance across technology projects, enterprise platforms, AI-related initiatives, third-party tools, cloud-based solutions, or internally developed applications. * Strong understanding of security architecture and secure design principles, including identity and access management, data protection, logging, monitoring, encryption, network security, and resilience. * Familiarity with AI-related technologies, enterprise AI platforms, large language models, agentic AI, and the security risks associated with AI adoption. * Experience conducting STRIDE-based threat modelling, technical risk assessments, or security design reviews. * Practical understanding of cloud and enterprise environments, particularly Microsoft 365, Azure, SaaS platforms, and modern workplace technologies. * Ability to translate technical security risks into clear, business-focused recommendations. * Strong written and verbal communication skills, with confidence engaging technical and non-technical stakeholders. * Understanding of security risks associated with third-party AI tools, internally developed AI applications, integrations, automation, and agent-based use cases. * Sound judgement, attention to detail, and the ability to balance security requirements with business needs. * Experience working in an ISO27001-aligned or regulated environment would be beneficial. * Preferred, but not essential, certifications: * ISC2: CISSP, CCSP, SSCP * ISACA: CISM, CISA, CRISC * CompTIA: Security+, CySA+, CASP+ WHY JOIN US Whether you are joining a client facing team, a core services team, or starting out on your professional career journey, joining Brunswick unlocks a range of employee benefits to support your financial future, health and wellness, family and community and continuous professional development. ABOUT BRUNSWICK Brunswick is a global advisory firm. We help companies tackle high-stakes issues, navigate complex stakeholder relationships, and deliver high-impact outcomes. Our clients value our ability to anticipate, shape, and respond to the key players and forces in the financial and investment arena, regulatory and geopolitical universe, NGO community, workforce and beyond. They rely on us for deep experience, fresh perspectives and original thinking. So, in Brunswick you will find an exceptional range of experience and talent with a rich mix of backgrounds. From the beginning, we have prioritized attracting, developing, and retaining the best professionals in the industry, united by a culture of inclusivity, excellence, and intellectual curiosity. Founded in 1987 in London, the firm has organically grown to 27 offices in 18 countries across the Americas, Europe, Middle East, Africa, Asia and Australia. We operate as a “one-firm firm” with no individual profit centers. This allows us to assemble fully integrated, bespoke teams for each client, able to draw on the full resources of Brunswick anywhere in the world. Brunswick is an equal opportunity employer. All qualified applicants will be considered without regard to race, religion, color, national origin, gender, sexual orientation, age, disability, pregnancy, genetic information, or any other status protected by applicable law. Please read our Global Privacy Notice to understand how your data is managed.