Security application engineer

About the role

As a Security Application Engineer, you will play a key role in embedding security, compliance, and reliability into our IoT cloud applications across their full lifecycle. You combine hands-on security engineering with process ownership and regulatory awareness, ensuring our solutions are secure by design, operationally reliable, and compliant with European regulations such as the Cyber Resilience Act (CRA) and NIS2. You will collaborate closely with development teams, architects, and stakeholders to strengthen the security posture of our cloud ecosystem and support continuous improvement initiatives.

Your responsibilities

You will contribute to both security engineering activities and process & compliance ownership:

Security engineering

• Perform security design reviews and threat modeling (in cooperation with our suppliers) for new features and system changes
• Identify, assess, and mitigate vulnerabilities in:
• Cloud services and infrastructure
• APIs and integrations
• Device–cloud communication
• Supporting tooling, CI/CD pipelines, and development environments
• Translate security requirements into practical and implementable technical controls together with development teams
• Organise and follow up on penetration testing activities, ensuring findings are properly remediated

Processes and governance

• Define, implement, and continuously improve security-related processes and procedures, including:
• Vulnerability management and disclosure
• Secure software update and patch management
• Security documentation and evidence collection
• Support audits, internal assessments, ,and regulatory compliance activities (e.g. CRA, NIS2)
• Contribute to security awareness and best practices within engineering teams

Operational support

• Support the daily operations of our IoT cloud applications, including:
• Incident follow-up and root cause analysis
• Responding to service-related questions
• Supporting reliability and service continuity initiatives
• Participate in an on-call/standby rotation (future scope)

Your profile

Experience & knowledge

• Bachelor’s or Master’s degree in Computer Science, Engineering, or equivalent experience
• Experience in application and/or cloud security (preferably in an IoT or distributed system context)
• Good understanding of:
• Web and API security (e.g. OWASP Top 10)
• Authentication and authorization mechanisms (OAuth2, OpenID Connect, JWT, etc.)
• Secure communication protocols (TLS, MQTT, HTTPS)
• Familiarity with cloud platforms (e.g. AWS, Azure, or GCP) and their security services
• Experience with secure software development practices and DevSecOps concepts

Nice to have

• Experience with IoT architectures and device–cloud interactions
• Knowledge of European regulatory frameworks (CRA, RED-DA, NIS2)
• Experience with penetration testing coordination or interpreting pentest reports
• Familiarity with standards such as ISO 27001, or similar
• Experience with risk-based frameworks (e.g. CIS controls)
• Experience with monitoring, logging, and incident response in cloud environments

Soft skills

• Strong analytical mindset and problem-solving skills
• Ability to translate abstract security requirements into practical solutions
• Good communication skills and ability to work with cross-functional teams
• Proactive attitude with a focus on continuous improvement

Our offer

This challenging position offers you growth opportunities at the European headquarters of global leading company. We offer a permanent contract for an indefinite period. From the start you can count on thorough training and intensive support. Your competitive salary is supplemented with an attractive package of fringe benefits.

Hybrid: You will have the possibility to work from home 2 days per week.

Location: Tech Lane Ghent Science Park