Product Security Engineer November 2023

Job description:

Primary Mission

Working within the Information Security Team, reporting to the Domain Tech Lead and in alignment with the Chief Information Security Officer, you will be responsible for the end-to-end security of key digital products, and you will work closely with software engineering/development to achieve product and security objectives.

You will be designing security controls and helping to validate that our services, applications, and emerging technologies are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and decisively taking action to mitigate emerging threats throughout a full Secure Software Development Life-Cycle (S-SDLC).

What You'll Do

Support and lead product development teams (shift left) as they develop new features by conducting Security within the Software Development Life Cycle (S-SDLC) through existing processes and technology, as well as proposing continuous improvement.

Assuring Security is applied by design. Prepare and enforce standards and guidelines for application security. Enhancing secure coding practices.

Coordinate external penetration tests against the applications as and when necessary.

Assess security vulnerabilities (SAST, KICKS, SCA, DAST, Pentests, infrastructure, XMCyber, etc.) within our applications, and work with development teams to ensure remediation within our established SLAs and to monitor its resolution.

Collaborate and accompany development teams defining security architecture requirements (i.e., Kubernetes security, network security, etc.) and ensuring compliance with group policies and security best practices.

Strategic alignment with other Product Security Engineers and security areas to discuss and have a common understanding of the security standards in the hub.

Educating product development teams on security best practices and guidelines and increasing security culture.

Supporting compliance by acting as the main point of contact during internal or external audits, ensuring products comply with group policies and industry standards.

What You'll Need

Bachelor (undergraduate) degree in a relevant field (Computer Science, Software Engineer, Security, or others) OR an equivalent combination of education, training, and experience.

5+ years of work experience with any combination of at least 2 technical disciplines, including the following: cloud security (Azure K8s), network security, application security, security analyst, software development, coding, and ethical hacking.

Professional experience managing security assessments, including penetration testing.

Ability to impact dev teams through influence within a secure software development life cycle for multiple products and technologies, meeting customer expectations in security.

Experience implementing security solutions that resolve security and business risk trade-offs.

An understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS, BGP).

Understanding of the main Information Security frameworks (NIST, OWASP, SANS).

An understanding of basic concepts of cryptography, web service frameworks, mobile application architectures, and service architectures (such as event-driven, service-oriented, or serverless architectures).

Strong written and verbal communication skills (Spanish and English).

Experience working on a diverse development team.

Ability to communicate deep technical issues in terms of business risk with non-experts and senior leaders.

Strong bias for action balanced with a strong ability to dive deep into problems.

Strong ownership, leadership, and proactivity.

What We Offer

You will be part of an international team composed of people from different countries and backgrounds, where you'll be able to share your experience and knowledge to carry out teamwork and meet the objectives.

You'll have a personal follow-up with your management team to help you understand all business-related questions and guide you in your professional career.

We offer a competitive compensation and benefits package: lunch vouchers, health and dental insurance, transport, wellbeing, etc.