Work model: Hybrid (2 days in the office per week)
Job Type: Full Time
Job Location: Málaga or Madrid
As a Senior Security Engineer you will be a member of Security Engineering team that is part of a global Information Security team. You must possess a strong experience in application development as well as solid understanding of principles and practices of protection software products, infrastructure as a code and automation.
In this role you will facilitate and lead development of security application tools, support product engineering teams in designing, building, and operating applications securely at scale and help proactively identify and remediate security vulnerabilities in the code.
Our stack: Java/Spring boot, Python, JS/React.JS/Node.JS, REST API, Kubernetes, Ansible, Terraform, Helm
Responsibilities
- Act as a lead application developer for security application tools the teams supports and evolves, facilitate and provide day-to-day guidance for teammates on proper principles of software development, testing and code reviews
- Participate in designing, building, and integrating security tools (e.g., SAST, HC Vault, Keycloak, OPA Gatekeeper) to continuously enhance the security posture for both product and corporate environments
- Act as a security advisor to product engineering teams, guiding them through secure system design and reviews, help to define security requirements.
- Provide Security Engineering response to Production Incident and Problem investigations, including support the security on-call function as required
- Drive continual improvement across the Security Engineering work activities and wider organisational contribution through process review and adoption of automation capabilities to deliver standardisation and efficiencies within the team
- Maintain detailed sets of documentation for security tools
- Foster knowledge sharing within the team, mentoring other teammates on software development practices, facilitate building their own skills and learning new technologies
Requirements
- Full-stack application developer with 5+ years of relevant experience, preferably linked with security applications.
- Hands-on with a full software development lifecycle: requirements, design, code/test, deployment, maintenance/support
- Strong experience in development services for Kubernetes, familiarity with CI/CD tools
- Solid understanding of secure coding principles, OWASP top 10, security code reviews and hardening practices
- Good grasp of the OSI model, TCP/IP, DNS, TLS and related web protocols
Nice to have:
- Knowledge of Kubernetes architecture and security challenges along with experience in securing public or private cloud environments.
- Background in automaton of security processes such as patching, incident response and compliance reporting, using scripting and programming languages like Python or Java
- Experience in threat modelling, vulnerability assessments, identification and implementation of security requirements during design and development phases.
- Familiarity with security tools such as SAST, DAST, Hashicorp Vault, Keycloak
Required personal skills
- A clear communicator and dedicated professional who brings thoughtfulness and expertise to the Engineering Security team
- Reliable and supportive team member, who enjoys team play
- Ability to mentor junior team members, remove technical roadblocks, and lead security-focused projects while working closely with cross-functional teams
- Passion for learning and improving, staying current on emerging threats and technologies, apply those to evolve the application security strategy
- Strong self-organizing skills to manage multiple concurrent tasks or activities, prioritising them in a timely manner
- Ability to maintain strict confidentiality of the company’s internal and personnel data.
- Very good communication/technical writing skills in English.
Education/Certifications:
Non-essential but an asset
- Degree in Computer Science or equivalent working experience
- Developer Accreditations