SECURITY ENGINEER - VULNERABILITY MANAGEMENT AND SECURITY OPERATIONS

We are....A cutting-edge e-commerce company developing products for our own technological platform. Our creative, smart and dedicated teams pool their knowledge and experience to find the best solutions to meet project needs, while maintaining sustainable and long-lasting results. How? By making sure that our teams thrive and develop professionally. Strong advocates of hiring top talent and letting them do what they do best, we strive to create a workplace that allows for an open, collaborative and respectful culture.What you will be doing....This is a highly visible role! You will protect our infrastructure by analyzing, remediating, and monitoring breaches, issues, incidents, and vulnerabilities. The right person must have excellent engagement and communication skills and a solid customer-focused and team-oriented approach that balances security needs and user experience to provide best-in-class security for the organization.Responsibilities 🙌Keep and improve the Vulnerability Management Program of the company.A focal point of contact for Vulnerability scanning schedule, configuration in a tool, and execution as per the schedule. Any failure of scans is to be investigated and scheduled to be re-run.Administration of Tenable Vulnerability Management (Nessus) and using its various features to enable and support the Vulnerability Management Program.Usage of ManageEngine EndPoint Central, New Relic, and any other tools available in the company in order to take advantage of their features to improve the Vulnerability Management Program and Metrics.Conducts periodical discovery of IT Assets, ensures that identified assets are appropriately tagged, and includes the new assets in the Vulnerability Management tool.Assess the identified vulnerabilities and study & understand the risk profile and impact.Identify any false positives reported and the technical limitations of the vulnerability in the environment, and be able to declare and manage it within the Tenable tool.Keep and improve existing scripts to process vulnerability results (i.e. to automatically import them into Jira while matching existing data in Axonius).Facilitate the process of Risk Acceptance, wherever needed. The candidate will be responsible to coordinating with various stakeholders for proposing, seeking and maintaining the approvals for such cases.Perform Penetration Tests following OWASP and using tools such as Burp Suite or ZAP.Develop and manage a bug bounty program (i.e. write the security researcher conditions, review received vulnerabilities, etc.).Manage vulnerabilities reported by corporate antivirus (i.e. Crowdstrike).Collaborate with Infrastructure teams (Windows, Linux, Networks, etc.) for the remediation/mitigation of the identified vulnerabilities.Maintain the Vulnerability Dashboard for the scope and submits reports to both Technical teams and Management.Organize work to achieve compliance with established KPIs for Vulnerability Management and proactively work towards achieving the same. Maintain periodical reporting on the progress.Participate in meetings with various stakeholders as per the schedules. Liaise with different teams in different geographical zones.As an experienced Linux Sysadmin you will be the Subject Matter Expert (SME) for all Linux-related stuff in the Information Security Team.Keep and improve the existing server hardening guides, to avoid recurring vulnerabilities.Audit Linux (Ubuntu) and Windows system configurations to provide security improvement recommendations and advice.Automate system administrative tasks using scripting languages such as Bash, Perl, Python to streamline processes and improve efficiency.Development of ad-hoc tools to fill gaps not covered by the existing tools.Provide recommendations to other linux system administrators in the company, from the information security point of view.Designing new secure architectures.Adhere to different policies et out by the organization.Follow and improve existing procedures.Keep your work organized based on tickets (Jira).Prepare and provide different reports (weekly/monthly/ad-hoc) to the Top Management as necessary.Maintain appropriate knowledge required for successful and efficient delivery of the responsibilities.Keeping abreast of new threats and vulnerabilities and providing analysis as per applicability.Help the organization understand advanced cyber threats.Possibility to perform on-call after working hours and weekends.Requirements 💻5+ years of experience as a Security governance or similar roleB.S. in Computer Science, Computer Engineering, or a related field, however, a combination of other diplomas, certificates and experience will also be considered.At least 2 years of work experience administering and operating Tenable Vulnerability Management for a large enterprise.At least 5 years of work experience administering complex and large Linux environments.Working and hands-on experience in running a Vulnerability Management process.Fundamental technical understanding and experience assessing vulnerabilities and identifying weaknesses in operating systems (Windows and Linux), networks, databases, and application servers.Ability to assess vulnerabilities and prioritize remediation/mitigation planning.Experience in working collaboratively with cross-functional/transverse IT teams.Ability to apply a risk-based approach while working on assigned responsibilities.Good understanding of reporting needs at various levels of organization and ability to design, create, and present the same.Experience in working with any BI tools to prepare dashboards.Experience in working with Splunk as a SIEM.Troubleshooting and problem solving capabilities.Excellent analytical, communication, and documentation skills.Ability to organize work and be able to prioritize work as per the operation’s needs.Ability to work independently and as well as a part of the Information Security Team, and can work under minimal supervision.Should have time management skills and be able to manage work in a fast-moving environment.Keen attention to detail.Proven analytical and problem-solving abilities.Strong customer service orientation.Ability to manage multiple projects, activities, and tasks simultaneously.Able to adapt to new tasks and priorities.Upper intermediate English and Spanish level.Flexibility to work with departments in different time-zones.Nice to have 🚀Additional requirements, not essential but "nice to have".Any Penetration Testing certification (i.e. CEH, OSCP, GPEN, Pentest+).Any Vulnerability Management certification.Any Tenable certification (i.e. Vulnerability Management Specialist).Knowledge on other vulnerability management tools (Qualys, Rapid7, etc.)Knowledge on CDN and WAF usage and configuration (i.e. Cloudflare, Imperva).CompTIA Linux+ and Security+Linux Professional Institute LPIC-3 SecurityLinux Foundation Certified System Administrator (LFCS)GIAC Defensible Security Architect Certification (GDSA)ISC2 Systems Security Certified Practitioner (SSCP) What We Offer ❤️Competitive remuneration packageFLEXIBLE WORKING CULTURE: teleworking + Madrid OfficeDigital Culture: innovation, agility, technology and talent are in our DNADevelop your career working in a super exciting environment, with an international and multidisciplinary teamCareer plan designed by and for youFlexible working scheduleFriday afternoons offIntensive summer working hoursVery good atmosphere among colleaguesWhy choose us?We will give you the opportunity to be the best version of yourself, develop professionally and create strong working relationships working remote or on site. While offering a competitive salary, we also invest in our people's professional development and want to see you grow and love what you do. We are dedicated to listening to our team's needs and are constantly working on creating an environment in which you can feel at home.... If this sounds like the place for you, contact us now!