
Eye Security · The Hague - hybrid
ABOUT EYE SECURITY Eye Security is providing cybersecurity with embedded cyber insurance solutions for organizations in Europe. Headquartered in the Netherland...
Eye Security is providing cybersecurity with embedded cyber insurance solutions for organizations in Europe. Headquartered in the
Netherlands, we are already over 170 FTEs and continue to grow internationally.
We combine cutting-edge technology with hands-on expertise to detect, respond to, and recover from cyber threats in real time. Our
team brings together talent from intelligence, military, tech, and consulting backgrounds — all united by a shared mission: to
make enterprise-grade cybersecurity accessible to every business, not just the big players.
At Eye, you’ll work on projects with an international footprint, solving real-world challenges and helping to build a safer
digital future for our clients.
We are looking for a Staff Cyber Security Specialist (f/m/x) to strengthen our Incident Response and Security Operations
capabilities. This is a senior individual contributor role for an experienced incident responder who enjoys solving complex
security challenges and helping organizations navigate critical cyber incidents.
In this role, you will lead incident response engagements from investigation through recovery, working directly with customers
during some of their most challenging moments. You will act as a trusted technical authority within the team, mentor less
experienced responders, and help drive improvements across our security operations.
Unlike traditional consultancy environments, you will operate within a product-driven MDR organization serving more than 1,000
customers across Europe. This gives you the opportunity to work at scale, leverage large security datasets, and contribute
improvements that strengthen protections across our entire customer base.
You will work with state-of-the-art security tooling while collaborating with security professionals from intelligence, military,
consulting, national CERT, and technology backgrounds.
Alongside operational response work, you'll have opportunities to contribute to internal research initiatives, Bug Bounty Fridays,
Capture The Flag events, and other technical projects that help push our capabilities forward.
This position is based in the Netherlands and reports directly to the Director of Security Operations.
helping shape the future direction of our incident response and security operations capabilities.
required.
Operations, or related disciplines.
technologies.
Nice-to-have
Pioneer of online flash sales since 2001 and key player in European e-commerce, Veepee collaborates with over 7,000 brands to offer highly discounted products available for a limited time. Operating across various sectors, including fashion, home, wine, travel or beauty... Veepee achieved a turnover of 3.3 billion euros incl. VAT in 2024 and employs 5,000 staff members across 10 countries. Organization and team The cybersecurity team includes Red/Purple/Blue teamers and risk & compliance oriented profiles, all working together to fix security weaknesses with innovative solutions, adapted to business needs. A Bug Bounty program, an authenticated program on our partner-facing platforms, an annual external Red Team engagement and recurring compliance assessments keep us honest, and our radar sharp. Our threat detection & incident response runs fully in-house, nothing is outsourced: you can touch everything, from detection engineering, case management and response, threat intelligence and the vulnerability lifecycle to the AI agents orchestrated on top of it all. Automation and AI are at the core of everything (who doesn't?): agents triage our alerts 24/7 so humans focus on what matters, an LLM pipeline audits our code, and every confirmed finding feeds a remediation loop with product teams.
ABOUT US The Financial Times is one of the world’s leading news organisations, globally recognised for its authority, integrity and accuracy, with a mission to deliver quality information and services worldwide. At the FT, curiosity thrives and ambitious thinking is rewarded. Here, you’re given the chance to reach millions, create work that matters and deliver impartial journalism in a polarised world. In our warm, collaborative culture, you’ll connect with a diverse community of experts who support your growth, career aspirations and wellbeing Your future at the FT will be filled with opportunities that challenge and inspire you. With no fixed path, you’ll discover new skills and forge a career that can take you anywhere. Build a newsworthy career at the FT. OUR COMMITMENT TO DIVERSITY, EQUITY AND INCLUSION We believe in the power of unique perspectives and want all voices in our organisation to be heard, respected and valued. A supportive workplace is one where employees feel they can be themselves and operate to their full potential. We are committed to removing barriers for everyone, with a focus on addressing those faced by underrepresented groups. THE ROLE OVERVIEW We’re looking for a Senior Cyber Security Engineer to help mature application and cloud security across the FT’s cloud-native, AWS-hosted technology estate. This role has an approximate 50/50 focus across application security and cloud security, working closely with product, platform and engineering teams to make secure delivery easier by default. You’ll shape and improve developer-friendly guardrails across GitHub-based CI/CD pipelines, AWS environments and infrastructure-as-code workflows. This includes improving SAST, software composition analysis, secret scanning, IaC scanning, vulnerability management and AWS misconfiguration management so that findings are actionable, low-noise and owned by the right teams. Day to day, you’ll run practical threat-modelling sessions, review application and cloud designs, improve security playbooks, support vulnerability and misconfiguration remediation, and build automation that reduces toil. We’re looking for someone who has demonstrably improved security outcomes in real engineering environments, not just someone with theoretical knowledge of tools or frameworks. Depending on team structure, you may also mentor or line-manage one or two security engineers, while remaining hands-on and close to the technical work. WHAT YOU’LL BRING TO THE ROLE Application and cloud security experience: practical experience across both application security and cloud security, ideally in AWS-hosted, cloud-native environments. Developer-friendly security mindset: you know how to work with engineers, explain risk clearly and design controls that help teams move securely without unnecessary friction. Vulnerability management at scale: experience improving how application vulnerabilities, dependency risks, bug bounty findings, penetration test findings and advisories are identified, prioritised, owned and remediated across engineering teams. Cloud misconfiguration & vulnerability management: experience identifying and reducing infrastructure-as-code and AWS vulnerabilities & misconfigurations at scale through pragmatic guardrails, tooling and clear remediation paths. Threat modelling: confidence running lightweight, practical threat-modelling sessions that lead to useful engineering decisions and risk reduction. CI/CD and code security: hands-on experience with security tooling such as SAST, software composition analysis, secret scanning and IaC scanning. Automation mindset: ability to write scripts or small tools, ideally in Python, to reduce toil, improve visibility and surface meaningful risk. Security leadership: ability to mentor other security engineers and influence engineers across the wider organisation. Depending on team structure, this may include line management. AI security awareness: experience of leveraging AI to improve and scale appsec and cloud sec controls would be useful, but is not essential. KEY RESPONSIBILITIES Improve application security guardrails Tune and evolve SAST, software composition analysis, secret scanning and related controls so they are actionable, low-noise and useful to engineering teams. Improve cloud and IaC security guardrails Help identify, prioritise and reduce AWS and infrastructure-as-code misconfigurations and vulnerabilities at scale. Drive vulnerability management Improve how application vulnerabilities, dependency risks, bug bounty findings, penetration test findings and third-party advisories are triaged, prioritised and remediated. Drive cloud misconfiguration management Help teams understand, own and remediate cloud security issues using pragmatic, developer-friendly workflows. Run practical threat modelling Facilitate lightweight threat-modelling sessions for new products, features, services and architectural changes. Build automation and tooling Create or improve scripts, integrations, dashboards and workflows that reduce manual effort and make risk easier to understand. Support secure architecture decisions Provide application and cloud security input into design reviews, AWS architecture decisions and larger technical changes. Partner with engineering teams Work closely with product, platform and software engineering teams to embed security into design, delivery and operational practices. Support incidents and lessons learned Provide application and cloud security expertise during incidents and feed lessons learned back into patterns, tooling and guidance. Mentor others Coach security engineers and engineering teams on practical security approaches. Depending on team structure, this may include line management of one or two security engineers. Required Experience, Essential: * Strong practical experience in application security and cloud security, ideally with a balanced focus across both. * Hands-on AWS security experience, including common misconfiguration patterns and practical remediation approaches. * Experience improving vulnerability management across engineering teams, including prioritisation, ownership, remediation tracking and noise reduction. * Experience in improving cloud or IaC misconfiguration management at scale in a developer-friendly way. * Experience integrating, tuning or improving security tooling in CI/CD workflows, such as SAST, software composition analysis, secret scanning or IaC scanning. * Experience running practical threat-modelling sessions that influence design, delivery or remediation decisions. * Ability to write scripts or small tools, ideally in Python, to automate security workflows or improve visibility. * Strong communication and collaboration skills, with the ability to influence engineers and technical leaders without relying on gatekeeping. * Evidence of improving application security, cloud security or vulnerability management practices in a real engineering environment. * Familiarity with Agile or Scrum ways of working. Desirable * Experience with leveraging AI for AppSec and CloudSec. * AWS Certified Security – Speciality or equivalent practical AWS security experience. * Terraform or CloudFormation expertise. * Incident-management or incident-response experience. * Experience with Splunk or similar logging/SIEM platforms. * Experience with security metrics, dashboards or reporting that helped drive measurable risk reduction. * Experience mentoring or line-managing security engineers. WHAT’S IN IT FOR YOU? Our benefits vary by location but we are committed to providing best-in-class perks across all our offices. These include generous annual leave, medical cover, inclusive parental leave packages, subsidised gym memberships and opportunities to give back to the community. Full details of our benefits are available here. We currently operate a hybrid model which requires staff to work onsite 50% of the time, subject to role requirements & regular review. While flexible working requests will be considered, not all patterns are suitable for all roles. We believe this balanced approach supports flexibility and protects our culture, making collaboration and communication easier, building stronger relationships and team cohesion, and supporting peer learning. We reserve discretion on reasonable notice to change this approach either generally or for specific individuals or teams. Accessibility We are a disability confident employer and Valuable 500 signatory. Please let us know if you require any reasonable adjustments/personalisation as part of the application process or to enable you to attend an interview. If you would like to discuss your requirements or have any questions, email talent@ft.com and a member of our team will be happy to help. Further information At the FT, we embrace innovation and the use of technology and appreciate that individuals may leverage AI tools as part of their job application process. Whilst we are happy for you to use AI to assist with your application, it is essential that all information provided is authentic and accurately represents your skills, experience, and qualifications. Candidates should be aware that the use of AI throughout the application process may be monitored to ensure a fair and transparent hiring process for all.
L’histoire du groupe Theodo et son succès Theodo accompagne depuis 2009 les entreprises innovantes dans la conception, le développement et le déploiement de produits digitaux ingénieux - tels que la plateforme TF1+, l'application LCL Pro ou l'application France Identité Numérique - en tirant parti du meilleur de la technologie et de l’approche Lean. Theodo connait une croissance exceptionnelle depuis 15 ans : nos équipes rassemblent plus de 700 Theodoers, principalement des Software Engineers, passionnés de technologie et d’amélioration continue. En 2025, le groupe Theodo génère 100M€ de CA. Theodo Cloud est la practice DevSecOps de Theodo, spécialisée dans la construction d’infrastructures et la cybersécurité cloud. Notre mission : aider les scale-ups et grands comptes à résoudre leurs problématiques business grâce à la tech. Nos équipes construisent des infrastructures scalables, résilientes et sécurisées pour les développeurs et les utilisateurs finaux. L’objectif : faire de l’infrastructure un levier de croissance plutôt qu’un frein. Pionniers de la conteneurisation, nous plaçons aujourd'hui l'innovation au cœur de notre approche Cloud. Nous concevons des offres qui adressent les enjeux les plus actuels du secteur : - accélérer les migrations et modernisations Cloud grâce à l'IA pour créer de la valeur au plus vite - construire et infogérer des environnements d'industries régulées (ex : HDS pour la santé, SecNumCloud) sans sacrifier le time to market - exploiter tout le potentiel des LLMs tout en optimisant la performance cloud, les coûts et la sûreté industrielle. Ton équipe : L’équipe technique de Theodo Cloud est constituée de deux pôles : - le pôle Build, dédié à nos projets de création, migration et optimisation d’infrastructures - le pôle Run, dédié à l’infogérance des infrastructures de nos clients Au build, tu travailles main dans la main avec un ou une Lead DevOps et un ou une Agile Project Manager pour garantir l’impact de tes actions chez nos clients. Au run, tu rejoins une équipe d’une quinzaine de personnes avec laquelle tu gères un portefeuille de clients. L’équipe run dispose également d’un volet build, dédié à l’amélioration continue des plateformes de nos clients. Nous déterminerons ensemble à l’issue de l’entretien RH le pôle sur lequel nous pouvons te positionner. Tes futures missions : En tant que Cloud Engineer, tu travailles sur des infrastructures cloud en suivant les bonnes pratiques techniques et les standards définis par l’équipe. Au run les missions consistent à : - Réagir aux incidents en production et mener des investigations techniques approfondies - Réaliser les post-mortem et assurer une communication claire et structurée avec les clients - Répondre aux interrogations des clients et formuler des recommandations actionnables pour améliorer la qualité, la fiabilité, la sécurité et la performance de leur infrastructure - Concevoir et découper techniquement des fonctionnalités adaptées aux contraintes projet (qualité, coût, délais) Au build tu apprendras à comprendre et répondre aux besoins d’un client sur sa stratégie d’infrastructure : - montage d’infrastructure from scratch - migrations Cloud et Kubernetes - mise en place de pipelines de CI/CD - mise en place d’outils de monitoring et d’alerting - apport des bonnes pratiques DevOps chez nos clients - participation active aux rituels agiles (Scrum) de l’équipe projet La réalisation d’astreintes est également possible, elle se fait sur la base du volontariat. Ce poste de Cloud Engineer est fait pour les personnes curieuses qui veulent monter en compétences rapidement, au contact d’un large panel d’infrastructures et d’outils (AWS, GCP, Azure, Scaleway, Outscale, OVH, …) et de bugs complexes en production. Theodo Cloud est encore une jeune entreprise où il y a de la place pour construire des choses. En parallèle de ton projet, tu auras du temps dédié pour t’investir sur des sujets qui te tiennent à cœur : la formation des équipes business, la diversité, ou le recrutement technique… Tes perspectives d’évolution : La première étape d’évolution chez Theodo Cloud est de devenir Lead, et de devenir ainsi garant de la stratégie technique et de la montée en compétences de ton équipe. Nous proposons ensuite deux tracks d’évolution possibles : - une track Management, qui t’emmènera vers un rôle d’Engineering Manager - une track Expertise, qui te permettra d’accéder à un rôle de Staff Engineer Une méthodologie basée sur l’apprentissage continu : Chez Theodo, nous avons construit notre approche tech autour d’une conviction forte : on développe d’abord les personnes, avant de développer les produits. Notre Lean Tech® System met l’accent sur l’apprentissage continu : tu évolueras dans un environnement qui investit sur le long terme, où l’objectif est de te permettre de progresser chaque jour, tout en construisant des produits utiles et performants pour nos clients. Profil recherché : - Tu disposes d’une solide formation en école d’ingénieur, avec une première expérience en infrastructures Cloud (Kubernetes, Docker, Terraform, AWS, GCP...) - Tu fais preuve de rigueur, d’une bonne gestion du stress, et sais intervenir efficacement sur des environnements de production - Tu as l’envie de progresser rapidement et de travailler en équipe Tu ne coches pas 100% des critères mais tu penses tout de même correspondre à notre recherche ? Ne t’auto-censure pas et envoie-nous ta candidature, on se fera un plaisir de l’étudier ! Pour information : - Le poste est proposé en CDI, basé depuis nos locaux à Paris. - Le salaire proposé dépend du niveau d’expérience de chacun : nous en parlons toujours dès le premier appel téléphonique. Déroulement des entretiens : Nous répondons à toutes les candidatures dans un délai de 2 jours. Si ton parcours retient notre attention, voici le process qu’on te propose : - un appel téléphonique de 30 minutes avec un membre de l’équipe recrutement, pour comprendre tes critères de recherche - un entretien d’une heure avec le recruteur ou la recruteuse avec qui tu as échangé à la première étape, pour parler plus en détail de la culture Theodo - un entretien de technique théorique de 45 minutes - un entretien technique de debug de 45 minutes - un échange de 30 minutes avec un membre de l’équipe dirigeante Notre process dure 1 semaine en moyenne. Tu seras accompagné(e) par un membre de l’équipe recrutement, qui sera là pour te coacher tout au long du process.