Senior Application Security Engineer (Contract)

Application Security Engineer (Contract) – Amsterdam (Hybrid)

I’m working with a rapidly growing organisation in the digital assets/financial services space that is looking for an experienced Application Security Engineer to join their team in Amsterdam. This role sits at the heart of their development lifecycle, ensuring that security is embedded into every stage of the SDLC and that their trading platforms and customer-facing applications remain secure, resilient, and compliant.

You’ll partner closely with developers, product owners, and security colleagues to identify vulnerabilities, improve processes, and guide the secure design of applications. The right person will have deep technical knowledge of application security, hands-on experience with modern security tooling, and the ability to work cross-functionally in a high-paced environment.

Key Responsibilities:

• Perform deep code reviews to uncover vulnerabilities such as logic flaws and race conditions.
• Work alongside product and development teams to architect secure applications and provide ongoing guidance.
• Set up, configure, and maintain SAST, DAST, and SCA tools.
• Manage the bug bounty programme, validating and prioritising issues raised by external researchers.
• Plan and coordinate application security assessments, including black box and red/purple team exercises.
• Ensure compliance with frameworks and standards such as SOC 2, ISO 27001, and GDPR.
• Conduct security due diligence on third-party systems and integrations.

What they’re looking for:

• 8+ years’ experience in application or product security engineering, ideally within financial services, fintech, or crypto.
• Strong knowledge of secure coding practices, OWASP Top 10, and modern application architectures.
• Experience with cloud environments (AWS, Azure, or GCP) and Linux-based systems.
• Familiarity with secure SDLC processes and automation.
• Relevant certifications (e.g. OSWE, OSCP, CSSLP) are desirable.
• Strong communicator, confident working with developers and senior stakeholders alike.

Hybrid setup with 2 days per week onsite in Amsterdam.

Please note: visa sponsorship is not available for this role, so candidates must have the right to work in the Netherlands.