Role Description We are looking for a seasoned Senior Security Engineer to join our team. In this role, you will lead incident response initiatives and conduct thorough cybersecurity investigations to mitigate risks effectively. You will play a key role in enhancing our security program by refining processes and optimizing tooling to strengthen our overall cybersecurity posture. As a Senior Security Engineer, you will be responsible for designing and implementing advanced threat detection and mitigation strategies across diverse technology landscapes. Your ability to communicate complex risks and incidents clearly to stakeholders is crucial for maintaining transparency and building trust. Additionally, you will ensure compliance with industry standards and regulations, such as NIST, ISO 27001, and SOC 2 Type 2. This is a global position requiring flexibility with occasional out of hours and weekend work. Responsibilities - Helping define the security operations roadmap by designing and implementing long-term strategies - Improve and maintain processes, tooling, documentation, and training to mature and enhance cybersecurity incident response - Design, implement, and maintain security events monitoring systems - Perform daily alert investigation and incident response in both cloud-native and traditional environments - Identify, scope, and manage ongoing incidents for our customers, developing remediation plans to improve security maturity - Normalize, analyze, and identify security events from application logs - Assist our development and operations teams on improving our log monitoring capabilities - Implement threat intelligence feeds and automation Qualifications - 5+ years of security operations experience, including alert triage, investigation, and incident response - Experience designing, building, and maintaining monitoring and alerting systems from scratch - Proficiency in managing the incident lifecycle with the ability to handle multiple work streams concurrently - Strong understanding of secure software development practices, including knowledge of common vulnerabilities such as OWASP Top 10 - Effective communication skills to articulate complex technical issues to diverse audiences (IT professionals, executives, business decision-makers) in a clear, authoritative, and actionable manner Nice to Have - Familiarity with scripting languages (Python, Bash…) and APIs - Awareness of cybersecurity standards and regulations such as NIST, CIS, ISO 27001, and PCI DSS - A basic understanding of Forensic processes Tools and Technologies - SOC Tech stack deployment and management - Threat detection / Log Analysis and correlation / SIEM platforms - Application security / WAF platforms - Infrastructure as Code, Terraform - Kubernetes Benefits - A salary adequate to your experience and skills - Flexible remuneration and benefits system via Flexoh, which includes: restaurant card, transportation card, kindergarten, and training tax savings - True flexibility and work-life balance - Remote or hybrid work model with our hub in Barcelona - Flexible working hours (fully flexible, as in most cases you only have to be on a couple of meetings weekly) - Summer intensive schedule during July and August (work 7 hours, finish earlier) - 23 paid holidays, with exchangeable local bank holidays - Additional paid holiday on your birthday or work anniversary (you choose what you want to celebrate) - Private healthcare plan with Adeslas for you and subsidized for your family (medical and dental) - Access to hundreds of gyms for a symbolic fee in partnership for you and your family with Andjoy - Access to iFeel, a technological platform for mental wellness offering online psychological support and counseling - Free English and Spanish classes