Security Engineer

At Nedap in Healthcare, our software supports thousands of healthcare professionals every day. Solutions like Ons Suite, Caren, Luna and MediKit help people work with confidence, reduce administrative burden and improve the quality of care. In this Security Engineer role, you play a vital part in keeping these products resilient, intuitive and secure.

You help strengthen the security of our web applications, identify vulnerabilities before they impact users and embed secure-by-design principles throughout our development teams. By coaching and supporting developers, you ensure that security becomes a shared responsibility—allowing you to focus on complex threats, business-logic risks and long-term improvements.

What are you going to do?

You help strengthen the security of our web applications, identify vulnerabilities before they impact users and embed secure-by-design principles throughout our development teams. By coaching and supporting developers, you ensure that security becomes a shared responsibility—allowing you to focus on complex threats, business-logic risks and long-term improvements.

Your responsibilities

Web application security

Strengthen the security and user experience of our web applications, ensuring they remain resilient against advanced and emerging threats.

Risk identification

Proactively detect and address security and privacy vulnerabilities to protect sensitive healthcare data.

Component integrity

Safeguard the integrity of web components and browser interactions to prevent exploitation.

Security standardization

Promote industry-leading security practices and contribute to improving our overall security and privacy posture.

Penetration testing

Conduct penetration tests, simulate sophisticated attack scenarios and translate findings into practical improvements.

Developer enablement

Coach and upskill developers so they can independently apply secure development practices, fostering a shift-left mindset and enabling focus on deeper, high-impact challenges.

Your team

You will join the Data Protection group within Nedap in Healthcare. This team works across multiple development squads to strengthen the security of all our healthcare solutions. Knowledge sharing, collaboration and continuous improvement are central to how we work. You will contribute to a domain-wide, consistent security approach, ensuring our solutions help healthcare professionals rely on intuitive and secure technology every day.

What's in it for you?

Our offer

As a Security Engineer at Nedap, you will make a valuable contribution to our goal: making people happier and more successful in their professional lives. In addition to your salary, you are entitled to a thirteenth month, a good pension scheme, and profit sharing with the opportunity to become a shareholder of Nedap. At Nedap, everything revolves around trust and autonomy. You determine your own working hours and vacation days. We also highly value personal and professional growth. You will receive a comprehensive introduction, and we encourage you to continuously develop yourself.

Required skills

You bring strong experience in web application security and can translate complex security topics into accessible, actionable insights. With analytical thinking, attention to detail and a collaborative mindset, you help raise the security maturity of the teams you work with. You anticipate risks early, bring structure to security practices and contribute to a trusting, learning-oriented environment.

You also bring:

• Experience: Proven experience in web application security and penetration testing, including secure code reviews and threat identification.
• Browser and web security: Strong knowledge of browser and web security, including component integrity and exploitation prevention.
• Technologies: Hands-on expertise with JavaScript and related frameworks; experience with CSS, TypeScript, Web Components, Vue.js, Lit, Micro-frontend architecture or Kotlin is a strong plus.
• Security: Familiarity with OWASP SAMM and the ability to embed security best practices across the development lifecycle.
• Certifications: Relevant offensive security certifications (e.g. OSWE, OSWA, CWEE) or equivalent demonstrable hands-on expertise.