Responsibilities
- Review and enrich playbooks and identify opportunities for automation efficiencies in our security detection and response capabilities.
- Liaising with the Engineering teams on incident response, vulnerability management and remediation actions
- Responsible for providing technical expertise in the support of security incidents using a plethora of leading security tools, coupled with continuous learning and training
- Working with AWS & GCP Cloud-native security tooling such as GuardDuty, Security Hub, GCP Security Command Center to ensure a level of protection & monitoring of threats in Auctane Public Cloud environments.
- Following up on regular security reviews, vulnerability and risk assessments, and audits utilising our CSPM tool Wiz and endpoint vulnerability tool CrowdStrike.
- Building relationships with all staff to promote “Security by Design” throughout the Engineering Teams and wider business.
- Being part of the internal Infosec / cyber security incident process: investigating suspected attacks and helping manage security incidents, including providing post-mortem analysis, identifying causes, and developing solutions and preventive measures
- Responding swiftly to new and emerging security threats and vulnerabilities, investigating suspected attacks and being an integral part of the information security incident process
- Learning and training, to enhance knowledge of Security Orchestration and Automation.
Requirements
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related technical field
- 6+ years of progressive experience in cybersecurity, with at least 3-5 years in leading large scale cyber security implementations
- Experience defining and leading several cyber security programs for large scale organizations
- Advanced-level experience in at least one or two security domains within the Enterprise and Cloud Infrastructures to develop threat detections and mitigation strategies
- Experience leading projects and programs while defining the roadmap and milestones, and communicating with technical and non-technical stakeholders while advising senior management
- Experience leading other engineers and analysts while collaborating with the external team members
- Able to balance the demands of delivering high quality with demanding timescales.
- Relevant industry certifications (e.g. CISSP, CISM, CRISC, AWS Security, GCP Security)
Nice to Have
- Expert-level knowledge of AWS, Azure, and/or GCP security
- Expertise in vulnerability and risk management across public cloud and enterprise environments
- Expertise in leading advanced threat detection and prevention programs in a cross-functional environment
- Expertise in developing security patterns with architectural recommendations
- Advanced experience in software development practices and automation, with basic knowledge of AI
Work Arrangement
Remote (Country) — Spain
Team
Structure: flat and open engineering culture
Additional Information
- 10% international travel requirements
- All communication is in English
- Remote work based in Spain
- Equipment provided: choice of Mac or Windows, extra screen if needed
- Training budget: up to €2,000/year
- Health & wellness support: up to €55/month for gym or fitness classes
- Language classes offered: English, Spanish, French, Italian, German
- Time for health: 8 hours per year for personal medical appointments, 10 hours per year for family medical needs
- Volunteer day: one day off per year to volunteer
- Free therapy vouchers available
- Access to Wellhub, Curalinc, Rocketlawyer
- Regular health webinars & challenges
- Team events and meetups
- Central Madrid office available for use with free snacks and drinks