Work model: Hybrid (2 days in the office per week) Job Type : Full Time Job Location : Málaga or Madrid
As a
Senior
Security Engineer
you will be a member of Security Engineering team that is part of a global Information Security team. You must possess a strong experience in
application security, Kubernetes and CI/CD
as well as having solid ground on principles and practices of infrastructure as a code and automation.
In this role you will facilitate and lead implementation of application security controls in software development environment, proactively identify and remediate security flaws in SDLC processes as well as support product engineering teams in designing, building, and operating applications securely at scale
Responsibilities
Assess application security controls in software development environment, proactively identify the gaps and propose remediation
Act as a lead security engineer on designing and building required security tools (e.g., SAST, DAST, HC Vault, Keycloak, OPA Gatekeeper) and its integration with Kubernetes environment to continuously enhance the security posture of product and fulfilling security requirements
Be a security advisor to product engineering teams, guiding them through secure system design and reviews, help to define security requirements.
Automate routine security tasks such as vulnerability management, incident response and compliance reporting, enabling security teams to focus on higher-value tasks.
Provide 2nd/3rd line support for deployed application security tools, ensuring they are kept up-to-date, eliminating technical debt and keeping pace with new threats and security requirements
Provide Security Engineering response to Production Incidents and Problem investigations, including support the security on-call function as required
Drive continual improvement across the Security Engineering work activities and wider organisational contribution through process review and adoption of automation capabilities to deliver standardisation and efficiencies within the team
Maintain detailed sets of documentation for security tools
Foster knowledge sharing within the team, mentoring other teammates on application security practices, facilitate building their own skills and learning new technologies
Requirements Required technical knowledge and experience:
Deep knowledge of Kubernetes architecture and CI/CD tools (at DevOps level)
Hans-on experience in deploying services for Kubernetes by using Helm and Terraform for IaC automation and familiarity with Kubernetes security challenges
Very good understanding of security principles related to the software development lifecycle (SDLC) and how to integrate security at various stages
Hands-on experience in automating processes via CI/CD pipelines
Familiarity with security tools such as SAST, DAST, Hashicorp Vault, Keycloak
Solid knowledge of OWASP top 10 and hardening practices
Good grasp of the OSI model, TCP/IP, DNS, TLS and related web protocols
Nice to have:
Experience in threat modelling, vulnerability assessments, identification and implementation of security requirements during design and development phases
Knowledge of infrastructure security technologies, e.g., IDS, Vulnerability Management, Authentication and identity management, SIEM, WAF, SEG, MDM
Required personal skills
Reliable and supportive team member, who enjoys team play
Ability to mentor junior team members, remove technical roadblocks and lead security-focused projects while working closely with cross-functional teams
Passion for learning and improving, staying current on emerging threats and technologies, apply those to evolve the application security strategy
Strong self-organizing skills to manage multiple concurrent tasks or activities, prioritising them in a timely manner
Ability to maintain strict confidentiality of the company’s internal and personnel data.
Very good communication/technical writing skills in English.
Education/Certifications:
Non-essential but an asset
Degree in Computer Science or equivalent working experience
#J-18808-Ljbffr