Security Engineering

Marktplaats in The Netherlands, and 2dehands and 2ememain in Belgium, are part of Adevinta: a global online classifieds specialist. The three brands are hosted on a multi-tenant platform, operated from our Amsterdam location, and are the top players in the classifieds space throughout the Benelux region. 

We offer consumers the opportunity to trade their unwanted products and contribute to a greener, circular economy. We offer businesses - of all sizes, from the smallest hobbyist to the biggest brands in Benelux - a platform to showcase their goods and services online to over 11 million monthly unique users.

As the Defensive Security Engineer, you will be part of the company’s Incident Response (IR) team and collaborate with our Security Operations Centre (SOC) provider. This role is crucial in defending our digital assets, ensuring an effective response to security incidents, and proactively enhancing our defensive posture. This position requires autonomy and pro-activeness skills, and a deep understanding of defensive cybersecurity technologies.

You will be instrumental in ensuring that Adevinta’s security strategy covers industry-relevant security standards. The Incident Response team is part of the Information Security department where your team will collaborate with other services such as Vulnerability Management, Bug Bounty programs, and SPLC  Security among others.

What you will do:

You will contribute to the Incident Response (IR) team’s efforts by fostering a culture of proactive defence and continuous improvement through active participation in response processes and initiatives.

You will actively participate in the incident response lifecycle, including preparation, detection, analysis, containment, eradication, recovery and learning, ensuring timely and effective responses to potential threats.

You will support the development and refinement of incident response policies, playbooks, escalation procedures, and tabletop exercises. Additionally, you will contribute to post-mortem analyses to improve incident detection and response capabilities continuously.

You will work closely with other relevant teams and roles, such as the DPO, Privacy, Global Incident Teams, the rest of the InfoSec teams, and E&C, ensuring effective communication and alignment during incident response efforts.

You will assist in managing the external MSSP by ensuring alignment with organisational policies, standards, and expectations regarding service quality. You will collaborate with the SOC team to monitor and assess the performance of security monitoring, triage, and alerting processes, contributing to optimising SOC operations and improving efficiency.

You will participate in the operations and enhance the control of defensive security technologies, including EDR, SIEM, DLP, NIDS, and threat intelligence solutions.

You will gather, analyse, and operationalise threat intelligence information to enhance detection, response, and prevention efforts, ensuring timely identification and mitigation of potential threats.

You will collaborate to prepare periodic reports and collaborate with cross-functional teams to share valuable insights gained from alerts and incidents. This collaboration will help drive enhancements to security controls and inform product decisions to reduce the frequency and impact of future incidents.

You will report to the Incident Response Manager.

You may be required to travel occasionally, mainly to the EU.

You will work in a hybrid remote/on-site environment, with the team physically spread across different geo-locations (Adevinta’s hubs - Barcelona & Amsterdam).

You will have the possibility of being on-call. 

Who you are:

• An experienced security analyst with the mentioned solutions and resolving security incidents in large enterprise environments.

• You are familiar with Incident Management At Google (IMAG).

• Structured, analytical, autonomous and proactive persona.

• Familiar with the Agile methodology.

• Experience with security frameworks and methodologies such as MITRE ATT&CK, ENISA or NIST.

• You have a hacker and an open mindset.

• You have software development skills.

• You have a good understanding of AWS Cloud technologies, services, security capabilities, and controls such as SCPs, Security Groups, IAM, etc.

• You understand SDLC (coding and development) with modern tooling and ecosystems such as Kubernetes, Github, Github Action, infrastructure as code, etc.

• You have excellent knowledge of security for networks, protocols, systems and applications.

• You have strong analytical and problem-solving skills, with the ability to synthesise complex data into actionable insights.

• You are fluent in English (spoken and written).

• You have excellent communication and interpersonal skills, with the ability to build relationships and influence others.

• You have demonstrated an ability to work in a multicultural environment.

Nice to have:

• Public or private presentations.

• Open source contributor.

• Participated in conferences and trainings.

• Certifications.

• Member of bug bounty programs, CTF player or member of ethical hacking communities, recognised in the Hall of Fame, CVE mentions or vulnerability reporter.

6148523063484d364c79397a5a57

4e31636d6c306553316c59584e30

5a5849745a57646e4c6e4d7a4c57

56314c58646c633351744d533568

625746366232356864334d755932

39744c3256680a6333526c636c39

6c5a326375644746794c6d64360a

Life at Adevinta comes with its perks! Our Adevintans enjoy the following benefits:

• An attractive Base Salary 💸

• Participation in our Short Term Incentive plan (annual bonus) 🏆

• Work From Anywhere: Enjoy up to 20 days a year of working from anywhere! Maybe not from the moon🌛well why not! just make sure you have internet connection! 🌍

• A 24/7 Employee Assistance Program for you and your family, because we care ❤️

• Win together, lose together is one of our key behaviours. At Adevinta you will find a collaborative environment with an opportunity to explore your potential and grow 🌱

On top of these, we also provide a range of locally relevant benefits. Wanna know more? Apply and ask our recruiters! ✨

Adevinta is an equal opportunity employer and we value diversity. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status or disability status.

If you feel like you don’t meet all of the requirements for this role but are interested, please consider applying anyway. Research suggests that women and individuals from underrepresented groups may self-select out of opportunities if they don’t meet 100% of the job requirements. We strongly encourage people from historically excluded groups to apply and look forward to speaking with you.