Data Security Engineer, Utrecht

Join the SecOps team that keeps our data—and innovation—safe Every day, thousands of systems, applications, and analytical processes interact with highly sensitive datasets—from customer information to operational metrics to partner integrations. You help secure all of it.

How you make our customers happy You ensure that

data is collected, stored, processed, transported, and deleted according to its value and associated risks , without slowing down the pace of innovation. You help design and build guardrails that engineers want to use because they are robust, automated, and aligned with how modern development teams work.

The biggest challenge In a world where data moves freely between microservices, cloud providers, warehouses, and ML pipelines, the attack surface grows exponentially. Sensitive information is everywhere, and adversaries know it.

Your challenge:

keep our data secure even when it is highly distributed, rapidly transforming, and consumed by an ever‑expanding ecosystem of applications and partners .

Think:

Classifying data by sensitivity at scale

Ensuring encryption at rest, in transit, and increasingly

in use

Implementing data‑centric security controls, preventive, detective and if all else fails: responsive.

Protecting data in massively parallel analytics platforms

Securing ML feature stores and model inputs/outputs

Designing key management architectures that don’t become bottlenecks

Building cost effective detection logic on huge amounts of data that spots data leakage early

All while upholding close to 100% availability and supporting fast‑moving product teams.

What you do as a Data Security Engineer In this role, you are the

data protection security engineer

inside our multidisciplinary security operations team.

You will:

Perform deep‑dive reviews of

data flows and products, storage architectures, ETL pipelines, streaming systems, APIs , and cloud‑native data platforms part of GCP

Design and implement

data security controls

tailored to the value and sensitivity of the data (classification‑driven security).

Engineer

end‑to‑end encryption strategies , including envelope encryption, HSM/KMS integrations, key rotation automation, and secrets management for high‑throughput systems.

Define and deploy

tokenization , pseudonymization , masking , and data minimization

controls—knowing when each is fit for purpose.

Contribute to

state‑of‑the‑art detection engineering , spotting early‑stage data exfiltration attempts or misuse.

Work closely with data engineering, analytics, and ML platform teams to embed security into data everything we do.

Collaborate with cloud engineering teams on

identity‑aware data boundaries , access controls, and dynamic authorization in complex, cloud native setups.

Make data‑security automation a default—CI/CD checks, IaC security patterns, automated classification, policy‑as‑code, and self‑service guardrails.

You work side‑by‑side with security engineers, data engineers, product teams, AI specialists to keep our data—and our platform—secure.

We have a lot to offer—no dull moments Our security landscape changes fast. You’ll work with new technologies, evolving regulations, and increasingly advanced threat actors. You will have real ownership: we encourage experimentation, unconventional ideas, and engineering craftsmanship.

We follow the principle:“A good security engineer is manually lazy.” If it can be automated, we automate it. That gives you more time for the hard, interesting challenges.

We love people who share knowledge, who aren’t afraid of failed experiments, and who help raise the maturity of others. Security shouldn’t slow innovation—it should enable safer and faster innovation , and you’ll play a central role in making that real.

Why you can make the difference Because you’re a security engineer who lives and breathes data. You understand that not all data is equal—and that

controls must match the risk, value, and lifecycle of the data , without burdening teams unnecessarily.

Must‑haves:

Experience with cloud powered data‑heavy environments (e.g., analytics platforms, microservices ecosystems, AI/ML pipelines)

Solid understanding of encryption, key management, secrets management, access control models, secure data architectures

Familiarity with cloud‑native data solutions (preferably in GCP)

Proficiency in Python, or similar scripting languages

But more important than exact tech stacks is your mindset : collaborative, curious, pragmatic, and always ready to dive deep.

3 reasons why this is (not) for you Pros

You know your stuff You’re fascinated by encryption, secure data architectures, KMS/HSM, privacy‑enhancing technologies, and the nuances of protecting distributed data at scale.

Work together You communicate openly and enjoy helping colleagues across engineering, data, and business disciplines.

Proud of what you do You take ownership of your designs and defend them with care—you stand behind your solutions.

Cons

You’re always right If you’re close‑minded and treat other opinions as noise, this isn’t your place.

Never ask for help If you sit on problems instead of collaborating, you’ll struggle here.

Works on my machine If you avoid shared responsibility for the full lifecycle of your solutions, this won’t be a match.

This is where you'll work At the premier online retail tech platform of the Netherlands and Belgium. A platform serving 13 million customers, supporting 49,000 partners, and powered by over 2,900 colleagues.

Our mission: reinvent retail—together. Our belief: diversity fuels better ideas, safer systems, and stronger innovation.

Bring your story. Bring your craft. Let’s build the safer, smarter future of data together.

#J-18808-Ljbffr