Senior AppSec Engineer

In 2018, Bitvavo launched the first version of its digital assets trading platform, to bridge the gap between traditional currencies and digital assets. By offering transparent fees, a wide range of assets and an easy to use platform, Bitvavo is making the currency of the future accessible for everyone.
In two years' time, Bitvavo has established itself as the market leader in the Netherlands and one of the largest in Europe, with over one million users exchanging tens of billions of digital assets a year.
Our team, located in Amsterdam, is looking for self-driven, talented people who can help make digital assets available for everyone.

We are seeking a Senior AppSec Engineer to join our Security team at Bitvavo, a leading cryptocurrency exchange. This role combines hands-on technical expertise with program development and enablement, ensuring our developers can build and ship secure applications at scale.

The mission is to empower engineering teams to “shift-left”, embedding security into every stage of the software development lifecycle, while also driving automation, vulnerability management, and application security tooling.

• Lead threat modeling and security reviews, with a focus on automation and scalability.

• Drive automated code scanning and strengthen vulnerability management processes.

• Partner with developers across backend and frontend teams to enable secure coding and deployment practices.

• Curate, triage, and validate SCA and SAST findings, streamlining automation workflows.

• Evaluate, implement, and operate security tooling (e.g., SAST/DAST platforms, Semgrep, Wiz, Snyk, Bug Bounty, Supply Chain Security).

• Collaborate with product and platform teams, embedding within project squads when needed to support security feature development

• Build and scale capabilities in pen testing, red/purple team exercises, and developer training.

• Ensure security compliance with relevant frameworks (GDPR, DORA, PCI).

• Former backend or frontend developer who transitioned into security engineering; strong coding and secure development experience.

• 8+ years in secure software development and application security roles.

• Proven track record of building and scaling application security programs from the ground up.

• Technical skills: Proficiency in one or more modern languages (Kotlin, Go, TypeScript, Python). Familiarity with Kubernetes, containerized deployments, and CI/CD environments.

• Cloud expertise: Strong experience with AWS and/or GCP services.

• Security expertise: Strong understanding of Authn/Authz services, API security, and secure coding aligned with OWASP Top 10.

• Tooling familiarity: Experienced with application security tools such as Burp, Wiz, Snyk, Semgrep, SAST/DAST platforms.

• Experience in regulated industries (fintech, payments, crypto, banking) is highly desirable

At Bitvavo, we believe that diverse perspectives drive innovation, foster creativity, and lead to better outcomes. We are committed to building a team that reflects the diversity of the communities we serve and creating an inclusive environment where everyone can thrive. We welcome applicants of all backgrounds, identities, and experiences. Regardless of race, ethnicity, gender, sexual orientation, age, religion, ability, or any other characteristic. Join us and be part of a team that values and celebrates your unique contributions.
Bitvavo does not accept resumes from staffing, search, or recruitment firms without a signed agreement. If you send us a resume without such an agreement, we may contact the candidate directly without any obligation whatsoever and no fee of any kind will be paid should we hire the candidate.

At Bitvavo, we believe in attracting, motivating and retaining talented people through market-competitive offerings that go beyond compensation alone. To learn more about our total rewards package and the benefits we offer, visit our Life at Bitvavo page.