Defensive Security Engineer, Adevinta

• This position requires autonomy and pro-activeness skills, and a deep understanding of defensive cybersecurity technologies
• An experienced security analyst with the mentioned solutions and resolving security incidents in large enterprise environments
• You are familiar with Incident Management At Google (IMAG)
• Structured, analytical, autonomous and proactive persona
• Familiar with the Agile methodology
• Experience with security frameworks and methodologies such as MITRE ATT&CK, ENISA or NIST
• You have a hacker and an open mindset
• You have software development skills
• You have a good understanding of AWS Cloud technologies, services, security capabilities, and controls such as SCPs, Security Groups, IAM, etc
• You understand SDLC (coding and development) with modern tooling and ecosystems such as Kubernetes, Github, Github Action, infrastructure as code, etc
• You have excellent knowledge of security for networks, protocols, systems and applications
• You have strong analytical and problem-solving skills, with the ability to synthesise complex data into actionable insights
• You are fluent in English (spoken and written)
• You have excellent communication and interpersonal skills, with the ability to build relationships and influence others
• You have demonstrated an ability to work in a multicultural environment

Desirable

• As the Defensive Security Engineer, you will be part of the company’s Incident Response (IR) team and collaborate with our Security Operations Centre (SOC) provider
• This role is crucial in defending our digital assets, ensuring an effective response to security incidents, and proactively enhancing our defensive posture
• You will be instrumental in ensuring that Adevinta’s security strategy covers industry-relevant security standards
• The Incident Response team is part of the Information Security department where your team will collaborate with other services such as Vulnerability Management, Bug Bounty programs, and SPLC Security among others
• You will contribute to the Incident Response (IR) team’s efforts by fostering a culture of proactive defence and continuous improvement through active participation in response processes and initiatives
• You will actively participate in the incident response lifecycle, including preparation, detection, analysis, containment, eradication, recovery and learning, ensuring timely and effective responses to potential threats
• You will support the development and refinement of incident response policies, playbooks, escalation procedures, and tabletop exercises
• Additionally, you will contribute to post-mortem analyses to improve incident detection and response capabilities continuously
• You will work closely with other relevant teams and roles, such as the DPO, Privacy, Global Incident Teams, the rest of the InfoSec teams, and E&C, ensuring effective communication and alignment during incident response efforts
• You will assist in managing the external MSSP by ensuring alignment with organisational policies, standards, and expectations regarding service quality
• You will collaborate with the SOC team to monitor and assess the performance of security monitoring, triage, and alerting processes, contributing to optimising SOC operations and improving efficiency
• You will participate in the operations and enhance the control of defensive security technologies, including EDR, SIEM, DLP, NIDS, and threat intelligence solutions
• You will gather, analyse, and operationalise threat intelligence information to enhance detection, response, and prevention efforts, ensuring timely identification and mitigation of potential threats
• You will collaborate to prepare periodic reports and collaborate with cross-functional teams to share valuable insights gained from alerts and incidents
• This collaboration will help drive enhancements to security controls and inform product decisions to reduce the frequency and impact of future incidents
• You will report to the Incident Response Manager
• You may be required to travel occasionally, mainly to the EU
• You will work in a hybrid remote/on-site environment, with the team physically spread across different geo-locations (Adevinta’s hubs - Barcelona & Amsterdam)

• Our work model prioritises remote work combined with face-to-face dynamics in the office that help us connect and make strategic decisions as a team. There are a minimum of 5 face-to-face days per quarter that you will pick with your team, that is, a minimum of 20 days a year, of which there are 8 days that we have chosen for everyone because they are meetings that reinforce our culture as a company (development conversations with managers, the creation of objectives or the summer celebration and Christmas party).
• Furthermore, you have the option of working up to four weeks a year from wherever you'd like. To do this, you must have a good internet connection and be able to follow the team's schedules.
• Every year we engage into benchmarking against the external market in order to create competitive compensation packages. Moreover, we do have plans that allow you to "flex your gross salary" in order to purchase benefits such as meal vouchers, commuters card, training and child care.
• We have Apple, Dell and Samsung options to choose the hardware that helps you most in your daily life. Choose between a Macbook Pro or Dell XPS laptop and an iPhone XR or Samsung S9 phone.
• Do you travel by car or motorcycle? We subsidize part of the parking cost.
• Your well-being is our priority. We cover fully for your medical insurance and we allow family members to be added to the policy for a discounted price.
• At the Barcelona office, you can enjoy sessions of 1 hour of physiotherapy.
• Do you like going to the gym? We sponsor 70% of the monthly fee of your chosen centre/ studio and we have agreements with both Andjoy and McFit for discounted membership prices.
• We enjoy 23 days of paid-time-off a year.
• We offer free breakfast and drinks at our Barcelona office every day of the week. You can also choose to enjoy the freshmade set daily menu in our canteen for an economical price. In Madrid on Tuesdays, Wednesdays and Thursdays you can enjoy free breakfast.

Adevinta Spain is part of the global Adevinta family, which is publicly listed in its native Norway. The company as a whole is one of the world’s largest classified marketplace companies, boasting a portfolio of around 50 brands in over a dozen countries, and employing close to 10,000 people.