Senior Infrastructure Security Engineer

Paylogic is the ticketing and event operations platform behind some of Europe's biggest events. Tomorrowland runs on it. So does Paradiso and many more. Millions of fans use our systems to buy tickets. Event organisers use them to run their operations end-to-end. 

We are looking for an Infrastructure Security Engineer to join the Operational IT team in Groningen. The platform runs on custom-built Linux infrastructure, not cloud, not off-the-shelf tooling. Akamai is live across the platform and this role owns it: tuning, operationalising, and extending what has been built. If you have not had experience with Akamai WAF, BMP, and/or Account Protector in production, this role is not the right fit right now. 

What you'll be working on 

This role has two distinct workstreams worth understanding before you apply. 

• Platform security. Paylogic is a high-value target. Bots, credential stuffing, DDoS, and scalpers are a daily reality on a ticketing platform at this scale. You will own the Akamai stack: WAF (App and API Protector), BMP, Account Protector, and Prolexic for DDoS mitigation. Beyond Akamai, the security scope includes vulnerability scanning, handling responsible disclosures, coordinating penetration tests, running infrastructure audits, and liaising directly with the CTS EVENTIM Germany cybersecurity team. You contribute to the security roadmap. Work does not arrive pre-prioritised on a ticket. 

• Infrastructure reliability. The platform is in-house built. There is no external tooling runbook. When the security queue is lighter, you are doing SRE work: monitoring, incident response, on-call, capacity planning, and automation. The team's default is to replace manual work with code. If you are doing something manually twice, you are expected to automate it. 

Day-to-day, you'll be: 

• Tuning, operationalising, and extending the Akamai stack: WAF, BMP, Account Protector, and Prolexic. 

• Running vulnerability scanning and handling responsible disclosures end-to-end. 

• Coordinating penetration tests and infrastructure audits, and following through on findings. 

• Liaising with the EVENTIM Germany cybersecurity team on group-level security alignment. 

• Monitoring and continuously improving platform performance, stability, and security. 

• Leading capacity planning and researching solutions to support growth. 

• Replacing manual work with automation wherever possible. 

Platform stack: Ubuntu Linux, Python, Percona MySQL, Memcached, Redis, Nginx, Nginx Unit (ASGI), Apache (WSGI). 

Security tooling: Akamai WAF, BMP, Account Protector, Prolexic. 

Scripting and automation: Python, Bash. 

If you have not configured and tuned Akamai WAF policies in a production environment, worked hands-on with Bot Manager Premier and Account Protector, and owned infrastructure on custom Linux systems at scale, this role is not the right fit right now. 

• At least 4 years of relevant experience in infrastructure engineering, SRE, or security engineering, with a focus on IT security in a production environment. 

• Production experience with Akamai WAF (App and API Protector or Kona Site Defender), Bot Manager Premier, and Account Protector. No equivalent substitution. 

• Working knowledge of web application security: OWASP Top 10, WAF policy tuning, traffic analysis, and distinguishing a misconfiguration from an active attack under pressure. 

• Networking knowledge relevant to edge security: DNS, HTTP/HTTPS, TLS, DDoS mitigation. Prolexic experience is an advantage. 

• Strong Linux knowledge at the system level. Knowing how the kernel, networking stack, and storage work under the hood matters here, not just how to operate them. 

• Hands-on experience with the platform stack or close equivalents: Python, Percona MySQL, Memcached, Redis, Nginx. 

• Existing experience with Python or another high-level programming language and/or infrastructural automation is a big plus but not a must. 

• Experience running vulnerability scans with a track record of acting on findings. 

• Comfortable working in a small team and taking full ownership of projects end-to-end. 

• A practical mindset: you improve what needs improving and leave working systems alone. We have enough challenges ahead without rebuilding what already works. 

• Based in the Netherlands or relocating to Amsterdam or Groningen. 

What you'll get 

• 27 vacation days. 

• Hybrid: 2 days remote per week, flexible after onboarding. 

• Relocation budget for candidates moving to the Netherlands. 

• Visa sponsorship and 30% ruling support where applicable. 

• A MacBook and a remote working budget. 

• Coaching, training, and career development support. 

• Mental health support via OpenUp for you and your family. 

• Commuting reimbursement. 

About Paylogic 

Paylogic is part of EVENTIM, Europe's largest ticketing and live entertainment company, ranking as the world's number two provider. The client list runs from Tomorrowland and André Rieu to Comic Con and Zoute Grand Prix. The engineering challenges are as varied as the events.