Do you breathe cyber security and are you looking for a place where you can make an impact on the security of a wonderful organisation from day one?
The HEMA Security Office is the central location for information security and is the youngest and fastest growing team within HEMA. We have a very complex IT landscape, countless websites and terabytes of data flowing through our networks. Besides availability, security is also crucial. There are great challenges (for you!) at the Security Office. Do you want to establish workable security policies and optimise existing processes? Automate security controls and build custom tooling? Or help DevOps teams keep their CI/CD environment as secure as possible in an efficient way? You'll make a big impact at HEMA, because our systems facilitate some 250 software developers, more than 700 office colleagues and millions of customer interactions every day. Without downtime, and as secure as possible. Will you join us in building a secure retail landscape, from office to distribution centre?
make an extraordinary impact!
As a Security Engineer, we will onboard you within the HEMA Security Office, HEMA's central security organisation. The atmosphere? Informal and dynamic. The challenges? Every day is different. Acting on security incidents and helping over 19,500 colleagues become (and stay!) security-aware are at least part of your role as a Security Engineer. Together with other Security Engineers, Security Analysts and internal and external colleagues from the HEMA Security Office, you will ensure that HEMA becomes a little more secure every day. A role with extraordinary impact, because if you live up to that ambition, you will keep every day not only affordable, but also secure. So the stakes are high, just like the eventual payoff.
To best protect our organisation from threats, you have an important role at HEMA as a Security Engineer. In this role, you will report directly to the Chief Information Security Officer (CISO), but will collaborate a lot with HEMA's Digital teams. Among other things, you will be involved in shaping the security elements of our IT architecture, helping transform DevOps into true DevSecOps teams and implementing internal security projects. In addition, you will help streamline security processes and be the security partner for our internal teams, thinking (pro)actively about security across the organisation.
With your hands-on experience, you will bring a fresh perspective to all parts of the IT organisation. From all the headquarters departments to the Utrecht distribution centre and from our own stores at home and abroad to the franchisees. You will also work with external stakeholders such as suppliers, partners, consultants, auditors and the Security operations Centre (SOC).You must be able to provide solicited and unsolicited advice and information to the IT organisation on various implementations for the benefit of IT security.
Job characteristics
- You will be the go-to person for security issues at HEMA and are the link between technology, security and the business
- You will actively contribute to the secure design of our DevOps lifecycles
- You will manage and orchestrate security tooling throughout the organisation
- You will push security to a higher level among technical teams in particular
- You will perform security assessments/pentests and help colleagues interpret and eliminate security risks
- You will work with internal and external colleagues/partners on one of many security projects, from network architecture to Security monitoring
- You will help grow the HEMA Security Office in terms of people, technology and processes
Our favourite tech-stack
This is what we like to work with:
- An external Security operations centre at one of our security partners
- Vulnerability management tooling, on-prem and in the cloud
- A laptop for locally building and running tools, scripts, etc.
- Jira Service Management, Confluence and TOPdesk
- Are we missing something? Build it yourself
this is what you'll get at HEMA
- A small team, in which freedom, trust and continuous development are number one... And pizza and caffeine a close second
- Development and security community: As a technical security team, we understand that learning does not stop at attending training courses such as OSCP and CISSP. You get the extra value from learning from other security experts at events such as Troopers, MCH, BruCon, DefCon and by participating in CTFs. We provide room for this, because all work and no play makes Jack a dull boy
- The toys and tools you need to do your job
- A gross salary between €4,100 and €6,000
- Travel and expense allowance, a fixed (!) bonus of 4%, a variable bonus of up to 14%, a pension scheme and a generous discount on everything that makes HEMA extraordinarily good
- A unique setting: a fast-moving retailer and the most archetypal Dutch brand, with its own product development and international reach
- Flexibility: you can work where you work best (by agreement)
- Nice headquarters: At the NDSM wharf, above a bustling HEMA store
- The chance to make the everyday lives of millions more fun and the everyday lives of your 19,500 global colleagues extraordinarily more secure
this is what HEMA needs from you
- You combine a relevant IT (security) HBO (higher professional education) or WO (university) degree with a tremendous passion for security, as shown through your interests, projects, Capture the Flag scoreboards or your endless insights into specific security topics
- You have solid knowledge of what is happening in information security and are able to translate these developments into consequences and actions for HEMA
- Experience and certifications in Offensive Security (Red), Security Operations (Blue) and/or Risk Management. These include certifications such as OSCP, OSEP, eCPPT, CRTP, CSFA, eCMAP, GCFA, CISM and CISSP
- You have excellent communication skills and are good at building bridges between technology, security and business. Your verbal and non-verbal soft skills are as great as your passion for security
- You feel at home in a dynamic environment where driven teams work at a rapid pace and with great drive
- You have a pragmatic attitude and like to get things done 'quickly'
- Because we work internationally, good knowledge of the English language (spoken and written) is no problem for you
make an extraordinary impact!
As a Security Engineer, we will onboard you within the HEMA Security Office, HEMA's central security organization. Building tools, acting on security incidents and helping over 19,000 colleagues become (and stay!) security-aware are part of your role as a Security Engineer. Together with other Security Engineers, Security Analysts and internal and external colleagues from the HEMA Security Office, you will ensure that HEMA becomes a little more secure every day.In this role, you will report directly to the Chief Information Security Officer (CISO) and you will collaborate a lot with HEMA's Digital teams. Among other things, you will be involved in shaping the security elements of our IT architecture, helping transform DevOps into true DevSecOps and guiding and implementing internal security projects. In addition, you will help streamline security processes and building internal scripts and tools. You are the security partner for our internal teams, thinking (pro)actively about security across the organization.
With your hands-on experience, you will bring a fresh perspective to all parts of the Security and IT organisations. You must be able to provide solicited and unsolicited advice and information to the organisation on various implementations for the benefit of information security.
Job characteristics
- You will be the go-to person for security issues at HEMA and are the connection between technology, security and the business.
- You will actively contribute to the secure design of our DevOps lifecycles.
- You will manage and orchestrate security tooling throughout the organization.
- You will push security to a higher level among technical teams in particular.
- You will perform security assessments/pentests and help colleagues interpret and mitigate security risks.
- You will work with internal and external colleagues/partners on one of many security projects, from network architecture to Security monitoring.
- You will help grow the HEMA Security Office in terms of people, processes and technology.
this is what you'll get at HEMA
- A gross monthly salary ranging from €4400 to €6400 euros, based on a 40-hour workweek.
- 8% holiday allowance and 30 vacation days based on a 40-hour workweek.
- A variable bonus that can go up to as much as 14%.
- 15% employee discount on all your HEMA favorites, discounts on most HEMA insurance policies.
- A year-end bonus of 4%.
- A net monthly expense allowance of 45 euros.
- A solid pension plan for your retirement.
- For distances of 10 to 30 kilometers between your home and workplace, you'll receive a travel expense reimbursement of 21 cents per kilometer.
- Access to the benefits at work discount platform, with discounts on well-known brands and amusement parks
this is what you bring to HEMA
- You've got a solid track record in PEN testing, digital forensics, security architecture, Dev(Sec)Ops, AWS, Azure.
- You're a pro at translating business problems to IT solutions.
- You have all the relevant IT certifications and degrees to back you up.
- Your tremendous passion for the IT security field shows: you're up to date about all the latest trends.
- You're a great communicator who can build bridges between tech, security, and business.
- You've worked with digital teams and coached teammates before.
- You're all about getting things done quickly and efficiently.
Het salaris bedraagt €4400 - €6400