Skip to sign up

Job matched to your search

Ethical Hacker

bol · Utrecht

Utrecht · On-siteFull-TimePosted Jun 21, 2026

Free · Join 5,000+ job seekers using Qarera

How well do you match this role?

Tap the skills you already have — then see your real match score, what’s missing, and your resume fixed for this job.

↑ tap the skills you have
Loading sign-in

Free · no credit card · 30 seconds

Job description

How do you make our customers happy? By wielding the sharpest digital swords in your arsenal and stealthily hacking away at anything and everything that stands between you and the prize: sneaky, backdoor entry. 😉 Obviously, you do this without nefarious intent – you own an impressive collection of stylish hats, and they’re all #FFFFFF – and immediately share your methods and findings with the team so we can take the appropriate action and close any holes you berserked your way through. In short: you go on the offensive to make our platform safer for customers and partners.

What You Do As Ethical Hacker You’ll join the Security Operations team of hackers, defenders, and ‘if it’s fixable, consider it done’ problem solvers. A team where ‘red’ and ‘blue’ specialists blend into a beautiful purple squad that keeps the bol.com platform safe and secure. We build and run security solutions for and across the entire bol.com landscape. That includes the ‘usual suspects’ like customer and partner facing platforms, office solutions, and the cloud environment, but it also encompasses the logistical ecosystems that keep our fulfillment centers humming and the parcels on our conveyor belts cruising. You have two direct colleagues (who are big on white Stetsons) and six (for now!) ‘blue team’ security engineers. In addition to hacking and engineering, (y)our team is responsible for security incident management: keeping track of bol.com’s overall security position (systems and data) and running various big security projects.

As an Ethical Hacker, you use your offensive prowess to ‘attack’ our platform, pen testing on request (e.g., for product teams) and on your own initiative. You base your actions on risk priority: high risk threats take precedence over low risk stuff. Other responsibilities include reviewing technical designs/ideas, “breaking stuff on paper sessions,” vulnerability assessments of apps/systems/networks, and threat modeling to help product teams assess their own risks and those inherent in their solutions. Plus anything and everything else that needs doing, but nobody thought to mention. As for the atmosphere:

  • Never a dull moment: there is always something new to pique your interest, and the security landscape is constantly changing.
  • Passionate and driven: we love what we do. Many of us have turned our passion into our careers.
  • Open minds that welcome new ideas; we want to hear your great ideas instead of telling you what to do and how to do it.
  • Challenge yourself and others: challenge yourself and others in the team to come up with the best solution.
  • No ‘holier-than-thou’ mentality: we think everybody is equal at bol.com, and we treat each other as such. Initiatives and ideas are equally appreciated from someone on their first day or in their tenth year at the company.

Why you can make a difference Because you’re an accomplished ethical hacker/penetration tester with a deep understanding of internet-facing web applications and cloud-native environments. You are as adept at quick assessments as you are conducting in-depth pen tests, and know when which approach works best. Previous experience in large engineering-driven environments where open source is often the tooling of choice is a must. After all, at bol.com we ideate and build most of our solution in-house (sure, we leverage existing libraries and frameworks), so that has to appeal to you as well. We also expect you to be ‘always available’ to our software engineers when they have questions. And to step up to the plate if a security alert breaks the silence. Linux, tomcat, java, and spring microservices all serve us well (in the cloud, we operate native infra on GCP, e.g., Kubernetes), so affinity with those would be a major asset.

3 reasons why this is (not) for you Switch to find out

  • - You are the captain chaos of white hats You aren’t exactly adept at organizing work in tools like jira

Don’t just read the job — see if you’ll get it.

Get your match score, a resume tailored to this exact role, and jobs like it — free.

Check my fit for this job
Loading sign-in

Apply →