Working at Mercell
At Mercell, we're on a mission to revolutionise public procurement, making it accessible and effortless for everyone involved. Imagine a world where public buyers and visionary suppliers come together seamlessly to make a great deal easier and shape the future. That's what we're all about.
With a dynamic culture built on continuous growth, trust, and collaboration, Mercell offers an environment where your talents can thrive. You will be part of an international environment with ambitious and dedicated colleagues who are passionate about what they do and supported to be themselves.
Your Mission
Mercell’s Trust & Security team is seeking someone to help expand the security operations area. This role will focus on strengthening the existing security landscape while leading new, greenfield initiatives and projects, such as vulnerability management and CIS Benchmarking, as well as refining the security of the existing SDLC in collaboration with the Infrastructure and Development teams.
Core Responsibilities
- Vulnerability Management and Bug Bounty Program
  - Lead the Vulnerability Management program by identifying, prioritising, and remediating security vulnerabilities. Manage the Bug Bounty Program, coordinating with external security researchers to uncover vulnerabilities and strengthen the platform’s resilience.
- Security Strategy
  - Help design Mercell's Security Architecture for Infrastructure and Development
  - Integrate “security by design” principles across the Software Development Lifecycle (SDLC) and platform. Embed security controls within development processes, aligning with OWASP, CIS, and NIST standards.
- Access Control Program Development
  - Design and implement a robust access control program, managing and monitoring user permissions across the platform to maintain a least-privilege access model.
- Business Continuity Planning/Disaster Recovery and Backup Strategy
  - Design and implement BCP and DR processes for infrastructure and platform stability. Develop and maintain a backup strategy to ensure reliable data recovery, aligning with compliance and business requirements.
- Audit and Compliance Support
  - Act as the primary contact for audit and compliance tasks, overseeing evidence collection and ensuring alignment and adherence to CIS 1.2 benchmarks and internal security controls.
- Incident Management
  - Contribute to the deployment and management of SIEM
  - Assist in maturing the Incident Response process with regard to the application and platform, including the introduction of Intrusion Detection and Prevention Systems (IDS/IPS), to ensure rapid and effective responses to security incidents.
Required Experience
- Vulnerability Management and Penetration Testing: Expertise in identifying, assessing, remediating, and mitigating vulnerabilities.
- Business Continuity and Disaster Recovery (BCP/DR): Experience in designing, implementing, and optimizing BCP and DR strategies to ensure operational resilience.
- Software Development Lifecycle (SDLC) and CI/CD Pipelines: Demonstrated success in advancing security SDLC processes and enhancing CI/CD pipelines.
- Collaborative Agile Development: Proven ability to work effectively with cross-functional teams within a structured Agile framework.
- Program Increment (PI) Planning: Skilled in participating in PI planning to align teams with security objectives.
Preferred Experience
- Proficiency in cloud security and serverless infrastructure (AWS).
- Strong understanding of compliance frameworks (ISO 27001, NIST, SOC 2, C5).
- Advanced knowledge of threat modeling and risk assessment.
- Expertise in automation tools (Terraform, Jenkins).
- Effective stakeholder communication and reporting skills.
Start date: As soon as possible.
Duration: Full time
Workplace type: Hybrid remote
Location: Utrecht, Netherlands
Application Deadline: 10.01.2024. However, do not wait to submit your application - we will read applications and talk to potential candidates as we receive them.
What we offer
As a fast-growing technology company, we are committed to taking care of our employees through initiatives such as hybrid work to support work-life balance, health and insurance plans (may differ per country/office), pension plans, paid parental leave, social happenings and competitive salary packages. Please see https://career.mercell.com/posts/our-perks-benefits for more insight into the perks, benefits and culture you can expect when joining Mercell.
Has this sparked your interest?
Then we can't wait to have you join our mission and look forward to receiving your application!
If you have questions about this position, we are happy to chat with you. Please reach out to Charles Wilson
Director of Trust and Security
Email: Charles.Wilson@mercell.com
We may carry out background checks on applicants to verify information that appears on CVs and other documentation. This background check is carried out by an external party and is not carried out without the consent of the applicant. Current applicants will receive further information about this.