Data Security Engineer

Join the SecOps team that keeps our data—and innovation—safe

Every day, thousands of systems, applications, and analytical processes interact with highly sensitive datasets—from customer information to operational metrics to partner integrations. You help secure all of it.

You ensure that data is collected, stored, processed, transported, and deleted according to its value and associated risks, without slowing down the pace of innovation. You help design and build guardrails that engineers want to use because they are robust, automated, and aligned with how modern development teams work.

The biggest challenge

In a world where data moves freely between microservices, cloud providers, warehouses, and ML pipelines, the attack surface grows exponentially. Sensitive information is everywhere, and adversaries know it.

Your challenge: keep our data secure even when it is highly distributed, rapidly transforming, and consumed by an ever‑expanding ecosystem of applications and partners.

Think:

• Classifying data by sensitivity at scale
• Ensuring encryption at rest, in transit, and increasingly in use
• Implementing data‑centric security controls, preventive, detective and if all else fails: responsive.
• Protecting data in massively parallel analytics platforms
• Securing ML feature stores and model inputs/outputs
• Designing key management architectures that don’t become bottlenecks
• Building cost effective detection logic on huge amounts of data that spots data leakage early

All while upholding close to 100% availability and supporting fast‑moving product teams.

What you do as a Data Security Engineer

In this role, you are the data protection security engineer inside our multidisciplinary security operations team.

You will:

• Perform deep‑dive reviews of data flows and products, storage architectures, ETL pipelines, streaming systems, APIs, and cloud‑native data platforms part of GCP
• Design and implement data security controls tailored to the value and sensitivity of the data (classification‑driven security).
• Engineer end‑to‑end encryption strategies, including envelope encryption, HSM/KMS integrations, key rotation automation, and secrets management for high‑throughput systems.
• Define and deploy tokenization, pseudonymization, masking, and data minimization controls—knowing when each is fit for purpose.
• Contribute to state‑of‑the‑art detection engineering, spotting early‑stage data exfiltration attempts or misuse.
• Work closely with data engineering, analytics, and ML platform teams to embed security into data everything we do.
• Collaborate with cloud engineering teams on identity‑aware data boundaries, access controls, and dynamic authorization in complex, cloud native setups.
• Make data‑security automation a default—CI/CD checks, IaC security patterns, automated classification, policy‑as‑code, and self‑service guardrails.

You work side‑by‑side with security engineers, data engineers, product teams, AI specialists to keep our data—and our platform—secure.

We have a lot to offer—no dull moments

Our security landscape changes fast. You’ll work with new technologies, evolving regulations, and increasingly advanced threat actors. You will have real ownership: we encourage experimentation, unconventional ideas, and engineering craftsmanship.

“A good security engineer is manually lazy.”

If it can be automated, we automate it. That gives you more time for the hard, interesting challenges.

We love people who share knowledge, who aren’t afraid of failed experiments, and who help raise the maturity of others. Security shouldn’t slow innovation—it should enable safer and faster innovation, and you’ll play a central role in making that real.

Why you can make the difference

Because you’re a security engineer who lives and breathes data. You understand that not all data is equal—and that controls must match the risk, value, and lifecycle of the data, without burdening teams unnecessarily.

Must‑haves:

• Experience with cloud powered data‑heavy environments (e.g., analytics platforms, microservices ecosystems, AI/ML pipelines)
• Solid understanding of encryption, key management, secrets management, access control models, secure data architectures
• Familiarity with cloud‑native data solutions (preferably in GCP)
• Proficiency in Python, or similar scripting languages

But more important than exact tech stacks is your mindset: collaborative, curious, pragmatic, and always ready to dive deep.

3 reasons why this is (not) for you

• - You’re always right If you’re close‑minded and treat other opinions as noise, this isn’t your place.
• - Never ask for help If you sit on problems instead of collaborating, you’ll struggle here.
• - Works on my machine If you avoid shared responsibility for the full lifecycle of your solutions, this won’t be a match.

• + You know your stuff You’re fascinated by encryption, secure data architectures, KMS/HSM, privacy‑enhancing technologies, and the nuances of protecting distributed data at scale.
• + Work together You communicate openly and enjoy helping colleagues across engineering, data, and business disciplines.
• + Proud of what you do You take ownership of your designs and defend them with care—you stand behind your solutions.

This is where you'll work

At the premier online retail tech platform of the Netherlands and Belgium. A platform serving 13 million customers, supporting 49,000 partners, and powered by over 2,900 colleagues.

Our mission: reinvent retail—together.

Perks of having a blue heart

Flexible working

We bring the best of both worlds together by working 50% at the office and 50% at home. This way, we find a balance between organisational and individual needs.

On and off

At bol we understand like no other that you have to take care of yourself first, then your environment and then bol. In that order. Therefore, everyone at bol receives 29 days of vacation.

The culture and the office

Our colleagues work hard to make the daily lives of our customers easier and more fun. But of course, we do this in an inspiring and creative environment!