Ethical Hacker

How do you make our customers happy?

By wielding the sharpest digital swords in your arsenal and stealthily hacking away at anything and everything that stands between you and the prize: sneaky, backdoor entry. 😉 Obviously, you do this without nefarious intent – you own an impressive collection of stylish hats, and they’re all #FFFFFF – and immediately share your methods and findings with the team so we can take the appropriate action and close any holes you berserked your way through. In short: you go on the offensive to make our platform safer for customers and partners.

What you do as Ethical Hacker

You’ll join the Security Operations team of hackers, defenders, and ‘if it’s fixable, consider it done’ problem solvers. A team where ‘red’ and ‘blue’ specialists blend into a beautiful purple squad that keeps the bol.com platform safe and secure. We build and run security solutions for and across the entire bol.com landscape. That includes the ‘usual suspects’ like customer and partner facing platforms, office solutions, and the cloud environment, but it also encompasses the logistical ecosystems that keep our fulfillment centers humming and the parcels on our conveyor belts cruising. You have two direct colleagues (who are big on white Stetsons) and six (for now!) ‘blue team’ security engineers. In addition to hacking and engineering, (y)our team is responsible for security incident management: keeping track of bol.com’s overall security position (systems and data) and running various big security projects.

As an Ethical Hacker, you use your offensive prowess to ‘attack’ our platform, pen testing on request (e.g., for product teams) and on your own initiative. You base your actions on risk priority: high risk threats take precedence over low risk stuff. Other responsibilities include reviewing technical designs/ideas, “breaking stuff on paper sessions,” vulnerability assessments of apps/systems/networks, and threat modeling to help product teams assess their own risks and those inherent in their solutions. Plus anything and everything else that needs doing, but nobody thought to mention. As for the atmosphere:

• Never a dull moment: there is always something new to pique your interest, and the security landscape is constantly changing.
• Passionate and driven: we love what we do. Many of us have turned our passion into our careers.
• Open minds that welcome new ideas; we want to hear your great ideas instead of telling you what to do and how to do it.

• Challenge yourself and others: challenge yourself and others in the team to come up with the best solution.
• No ‘holier-than-thou’ mentality: we think everybody is equal at bol.com, and we treat each other as such. Initiatives and ideas are equally appreciated from someone on their first day or in their tenth year at the company.

Why you can make a difference

Because you’re an accomplished ethical hacker/penetration tester with a deep understanding of internet-facing web applications and cloud-native environments. You are as adept at quick assessments as you are conducting in-depth pen tests, and know when which approach works best. Previous experience in large engineering-driven environments where open source is often the tooling of choice is a must. After all, at bol.com we ideate and build most of our solution in-house (sure, we leverage existing libraries and frameworks), so that has to appeal to you as well. We also expect you to be ‘always available’ to our software engineers when they have questions. And to step up to the plate if a security alert breaks the silence. Linux, tomcat, java, and spring microservices all serve us well (in the cloud, we operate native infra on GCP, e.g., Kubernetes), so affinity with those would be a major asset.

• You are the captain chaos of white hats You aren’t exactly adept at organizing work in tools like jira, Kanban and/or scrum like work environments
• You believe in security by obscurity You keep your job secure by obscuring what you do: explaining threats and issues to product teams in a friendly, respectful, and understandable (!) manner is not your thing
• You live in an ivory tower You have a lot of redeeming qualities, but helpful and approachable you are not

• + Your resourcefulness is matched by your initiative You don’t wait for problems to solve; you find them
• + You are obsessed with details You spot technical issues and threats that everyone else glosses over
• + You zoom in and out with gusto You know what’s important when, prioritize like a boss, and naturally zoom in on the biggest risks first

This is where you’ll work

At one of the best-known online retail tech platforms in the Netherlands and Belgium. A platform where roughly 13 million customers can choose from ~38 million articles. A platform that helps about 49,000 commercial partners run their businesses. And a platform that will never be ‘finished’ because bol.com has been reinventing retail since 1999, and we always will be. If there’s a better way to do something, we’re on it! Together with our customers, partners, and over 2,900 colleagues. We work in multidisciplinary teams and aim to enable and empower teams and individuals alike. Our guiding principles are ‘job roles over job titles,’ autonomy, trust, and ownership.