Senior Information Security Engineer

Solliciteer nu »

Datum: 24 feb. 2026

Plaats: Den Haag, ZH, NL, 2521 CA

Bedrijf: PostNL

Senior Information Security Engineer (High Code & Low Code)

  • Location: The Hague
  • Hours per week: 37 hours
  • Scale 12
  • Degree: Bachelor/master
  • Experience: Senior

 

As Senior Information Security Engineer within the Data & Applications domain, you are responsible for designing, implementing and improving security controls across both high-code and low-code application landscapes. You combine deep technical expertise with a pragmatic security mindset, ensuring secure-by-design development practices while enabling innovation and speed.

You work closely with DevOps teams, platform engineers and architects to embed security in application development pipelines, cloud platforms and low-code ecosystems. You translate policies and risk requirements into concrete technical implementations, automation and guardrails that protect PostNL’s data and critical business processes.

 

Why choose PostNL as Senior Information Security Engineer?

  • Impact: You directly strengthen the technical security posture of business-critical data platforms and applications.
  • Innovation: Work in a hybrid landscape of cloud-native high-code development and rapidly growing low-code platforms.
  • Visibility: Security is high on the IT board agenda. Your expertise influences architectural decisions.
  • Ownership: You help define secure development standards and technical security baselines.
  • Development: Opportunity to deepen expertise in DevSecOps, cloud security and platform security engineering.

 

Your role

The Data & Applications team is part of the PostNL Cyber Security Office (CSO). We operate as a second-line function while working closely with DevOps and platform teams across PostNL.

As Senior Information Security Engineer, you:

  • Design and implement security-by-design principles in high-code (e.g., custom development) and low-code environments (e.g., Power Platform, Mendix, OutSystems or similar).
  • Define and enforce secure coding standards and CI/CD security controls (SAST, DAST, dependency scanning, IaC scanning).
  • Implement automated security controls within DevSecOps pipelines.
  • Advise on secure architecture patterns for APIs, integrations and data platforms.
  • Perform deep technical security reviews and threat modeling on new and existing applications.
  • Strengthen identity & access management integrations, secrets management and encryption implementations.
  • Support vulnerability remediation and structural improvement of recurring findings.
  • Contribute to the development of reusable security patterns, guardrails and reference architectures.
  • Act as senior sparring partner for architects, lead developers and platform owners.

You balance control and enablement: security must be robust, but also workable and scalable within agile development environments.

 

Your colleagues

Within the Cyber Security Office, you are part of the Data & Applications domain, collaborating closely with:

  • DevOps teams across business units
  • Cloud platform teams
  • Enterprise and solution architects
  • Business Information Security Officers
  • Privacy and Data Governance teams

You play a key role in raising the technical security maturity of development teams and ensuring consistency across the organization.

 

What you bring

  • Bachelor or Master degree in Computer Science, Cybersecurity or similar.
  • 5+ years of experience in application security engineering or DevSecOps roles.
  • Strong hands-on experience with secure coding practices (e.g., OWASP Top 10, API security, authentication flows).
  • Experience implementing security tooling in CI/CD pipelines (SAST, DAST, SCA, container scanning).
  • Experience with cloud environments (Azure preferred) and cloud-native security controls.
  • Experience securing low-code platforms and defining governance models for citizen development.
  • Knowledge of ISO27001, NIST CSF and CIS benchmarks.
  • Experience with threat modeling and security architecture reviews.
  • Certifications such as CISSP, CSSLP, CCSP, AZ-500 or equivalent are a plus.
  • Excellent English communication skills; Dutch is considered a plus.

You are technically strong, pragmatic, able to influence senior engineers and comfortable operating in complex enterprise environments.

 

What we offer

We support our people with a motivating work environment and enthusiastic colleagues, a commitment to promoting from within and a belief that every employee deserves a productive life outside of work.

  • This position is on scale 12 (between € 5.200,- and € 7.559,- a month), depending on experience.
  • Full-time working week of 37 hours.
  • 8% holiday pay and 25 holiday days (full-time).
  • Flexible working hours to support work/life balance.
  • Hybrid working model from home and from our head office next to Den Haag – Hollands Spoor station.
  • NS Business Card for business travel and commuting.
  • Collective health insurance and pension via the PostNL pension fund.
  • Strong internal training and development opportunities.

 

Questions about this vacancy?
Feel free to contact our recruiter Alyssa Bhoendie at 06-13462368 or alyssa.j.bhoendie@postnl.nl.