Security Researcher

The role

You carry out in-depth security assessments on software systems involved in M&A processes and for clients with business-critical software. Your work goes beyond automated scans. You think like an attacker, look into the source code, and build a complete picture of real exposure.

Your findings are presented to investors, management teams, and legal advisors. Clarity and impact matter just as much as technical depth.

What will you do?

• Execute code-guided penetration tests with full source code access, going deeper than any black-box approach can
• Perform manual and automated penetration tests across applications, APIs and internal systems, based on OWASP Top 10 and SANS/CWE Top 25
• Conduct in-depth cloud configuration reviews and identify security risks in cloud environments
• Perform recurring vulnerability assessments to identify and prioritize new exposures over time
• Apply SAST and DAST tooling and critically interpret results beyond what the tooling surfaces
• Translate findings into clear, risk-prioritized reports for investors, boards and engineering teams
• Participate in client debriefings to walk through findings, answer questions and support remediation decisions
• Contribute to the ongoing development of YieldDD's security methodologies and tooling
• Contribute to YieldDD's positioning by sharing knowledge through tech sessions, training and speaking at industry events

What you bring

Must-haves

• At least 3 years of experience in security assessments and penetration testing
• Proven experience with code-guided or white-box penetration testing specifically
• Able to navigate an unfamiliar codebase quickly and independently under time pressure
• Proficiency in both manual techniques and automated tooling
• Experience with multiple programming languages
• Strong written and verbal communication skills: your reports are clear and decision-ready for non-technical readers
• Fluency in Dutch and English, spoken and written

Nice-to-haves

• OSWE certification or equivalent
• Experience with C# or Python
• Knowledge of secure coding practices and common development anti-patterns
• Affinity with M&A context or due diligence
• Experience in sectors such as SaaS, financial services or PE-backed software companies
• What are you going to do?

What we offer

• 25 vacation days
• Laptop and tooling of your choice
• Hybrid working: focus days from home, collaborative days at the office
• Premium-free pension plan with survivors’ pension
• Budget for training, certifications and personal development
• A brand-new office in the Houtfabriek at Campus Werkspoor, a fully sustainable timber building that opened in
• April 2026. The campus has a restaurant and gym, and padel courts are planned for later this year
• A role with genuine breadth: as part of a growing firm, you will contribute to more than just your own specialty
• Active support for certifications and specialization

About YieldDD

YieldDD is the specialist in software due diligence and cyber security for M&A transactions, private equity investors, and organizations with business-critical software. From our office in Utrecht (Campus Werkspoor), we work with leading PE firms, M&A advisors, and technology companies across the Benelux and Europe.

We are a lean team of specialists who value directness, depth, and genuine ownership. Security at YieldDD is not about running scans; it is about understanding what is really at stake.

How the process works

1. Send your CV and a short motivation
2. Introductory meeting
3. Assignment or technical assessment
4. Closing interview
5. Offer

Expected timeline: two to three weeks

Ready to apply? Fill out the application form below, upload your CV and a short motivation, and we will be in touch. Not sure whether this role is the right fit? Just reach out and we will be happy to think it through with you.