Security Engineer (Application Security)

Work model: Hybrid (2 days in the office per week)
Job Type: Full Time
Job Location: Málaga or Madrid

As a Security Engineer you will be a member of the Security Engineering team, which is part of a global Information Security team. You must possess strong experience in application security, Kubernetes and CI/CD, as well as a solid grounding in the principles and practices of infrastructure security, infrastructure as code and automation.

In this role you will take part in the development of security application tools, proactively identify and remediate security flaws in the SDLC tools and processes, and support product engineering teams in designing, building, and operating applications securely at scale.

Responsibilities

  • Design, build, and integrate security tools (e.g., SAST, HC Vault, Keycloak, OPA Gatekeeper) in a Kubernetes environment to continuously enhance the security posture of product and corporate environments
  • Work closely with software engineers and other stakeholders to ensure security is embedded in the product development lifecycle and help resolve any roadblocks
  • Automate routine security tasks such as vulnerability management, incident response and compliance reporting, enabling security teams to focus on higher-value tasks.
  • Provide 2nd/3rd line support for deployed security tools, ensuring they are kept up-to-date, eliminating technical debt and keeping pace with new threats and security requirements
  • Provide Security Engineering response to Production Incidents and Problem investigations, including supporting the security on-call function as required
  • Drive continual improvement across the Security Engineering work activities and wider organisational contribution through process review and adoption of automation capabilities to deliver standardisation and efficiencies within the team
  • Maintain detailed sets of documentation for security tools
  • Stay up-to-date with the latest application security trends, tools and techniques, and foster knowledge sharing within the team

Requirements

  • Deep knowledge of Kubernetes architecture and CI/CD tools (at DevOps level)
  • Hands-on experience in deploying services for Kubernetes by using Helm and Terraform for IaC automation and familiarity with Kubernetes security challenges
  • Solid understanding of security principles related to the software development lifecycle (SDLC) and how to integrate security at various stages
  • Hands-on experience in automating processes via CI/CD pipelines
  • Familiarity with security tools such as SAST, DAST, HashiCorp Vault, Keycloak
  • Solid knowledge of OWASP Top 10 and hardening practices
  • Good grasp of the OSI model, TCP/IP, DNS, TLS and related web protocols

Nice to have:

  • Application development background
  • Experience in threat modelling, vulnerability assessments, identification and implementation of security requirements during design and development phases
  • Knowledge of infrastructure security technologies, e.g., IDS, Vulnerability Management, Authentication and identity management, SIEM, WAF, SEG, MDM

Required personal skills

  • A clear communicator and dedicated professional who brings thoughtfulness and expertise to the Engineering Security team.
  • Reliable and supportive team member, who enjoys team play
  • Passion for learning and improving, staying current on emerging threats and technologies, and applying those to evolve the application security strategy
  • Strong self-organizing skills to manage multiple concurrent tasks or activities, prioritising them in a timely manner
  • Ability to maintain strict confidentiality of the company’s internal and personnel data.
  • Very good communication/technical writing skills in English.

Education/Certifications:

Non-essential but an asset

  • Degree in Computer Science or equivalent working experience
  • Developer or Kubernetes Accreditations