Senior Cybersecurity Engineer DevOps

We are looking for an experienced and passionate Senior CyberSecurity Engineer DevOps for our newly established Technology Hub in Madrid.
This is a unique opportunity to become part of the founding team that helps shape the culture practices and technical direction. Working in a hybrid model (2 days on-site) you will enjoy significant freedom to innovate and influence the future of one of the worlds largest commercial real estate companies. With the leadership of the Global Technology Hub coming from a background of technology startups you will benefit from a fast-paced learning environment high visibility of your contributions and opportunities to shape processes culture and technology strategies. At the same time you take advantage of the stability resources and reach of a successful global company. 
The Madrid Hub collaborates closely with international teams to deliver world-class technology solutions that power the future of commercial real estate.

As Senior CyberSecurity Engineer DevOps you play a key role in embedding security into our engineering operations across GCP and Azure environments. Working closely with other members of the DevOps function engineering teams and infrastructure team this role ensures that security is an integral part of our development lifecycle. The Senior CyberSecurity Engineer DevOps will design implement and maintain secure architectures and act as a bridge between engineering and information security functions.

You will contribute to global products and platforms that serve both internal and external customers in Commercial Real Estate across multiple regions. You will ensure delivery excellence engineering quality and great consumer experience. You are a hands-on problem-solver with strong design principles who thrives in a collaborative and agile environment. As a senior contributor of the DevOps function you will set technical direction drive best practices. and mentor junior engineers while building solutions with real business.

Secure Software Development Lifecycle (SSDLC)

• Pipeline Integration: Embed security controls and automated tooling into CI/CD pipelines (e.g. SAST DAST SCA/dependency scanning and container image scanning).
• Standards & Practices: Partner with QA and Software Engineering to define and champion secure coding standards.
• Risk-Based Prioritization: Support Product Owners by providing risk-based technical input during sprint prioritization and release planning.
• Architectural Resilience: Collaborate with CloudOps to design and validate secure resilient cloud architectures.
• Provide guidance on the secure integration of AI/LLM components ensuring data privacy (e.g. protection against prompt injections or insecure output handling).

Cloud and Infrastructure Security

• Security Baselines: Define and enforce security baselines for GCP and Azure resources focusing on IAM network segmentation storage encryption and key management.
• Policy Alignment: Work closely with Cloud Engineering to ensure project-specific policies align with global security standards and compliance requirements.
• Security as Code: Design and contribute to reusable secure-by-default Infrastructure as Code (IaC) modules and implement Policy as Code and Compliance as Code frameworks to prevent detect and remediate misconfigurations.
• Container Security: Ensure containerized workloads (e.g. Kubernetes Docker App Services) are secured end-to-end from registry to runtime.

Operational Security and Monitoring

• Observability: Contribute with logging monitoring and alerting systems for security events in collaboration with SRE and Infrastructure teams.
• Security Assessments & Penetration Testing: Performing security assessments and facilitate third-party penetration testing and coordinate the remediation of findings.
• Incident Response: Provide technical guidance during security incidents including root cause analysis (RCA) and post-mortem reviews to prevent recurrence.
• Governance Risk Management and Compliance
• Compliance: Ensure continuous compliance with ISO 27001 GDPR and other relevant regulations by embedding automated controls.
• Audit Readiness: Contribute to audits and reporting by ensuring technical evidence of security controls is always available and up to date.

Qualifications :

Required Skills/Experience:

• 5-8 years of professional experience in DevOps Security Engineering or Cloud Security roles.
• Proven Experience in GCP and Azure security models including IAM network security and secret management.
• Hands-on experience with container security (e.g. Kubernetes admission controllers runtime scanning image hardening).
• Strong knowledge of CI/CD pipelines and integration of security tooling (Azure DevOps preferred).
• Familiarity with compliance frameworks (ISO27001 SOC2 GDPR). And how to operationalize controls in engineering context.
• Strong experience in scription for automation (Python Bash or Terraform).
• Agile Development experience (Scrum/Kanban) including story estimation code reviews and pair programming.
• Experience working in distributed or remote teams and using tools such as Jira GitHub Miro and Azure DevOps.
• Excellent interpersonal and communication skills fluent in English and Spanish.
• Understanding of secure development practices and compliance frameworks (e.g. ISO27001 GDPR SOC2).

Preferred Skills/Experience:

• Background in software or infrastructure engineering.
• Ability to work in a fast-paced growing tech environment and to foster change in larger organizations.

Remote Work :

No

Employment Type :

Full-time