Security Engineer
As a Senior Security Engineer, you will provide senior technical leadership for Adevinta's Vulnerability Management Team (VulMa). You will define and evolve the technical architecture, drive complex integrations and automation at scale, and act as the primary technical reference for the most challenging vulnerabilities. You will combine hands-on engineering with strategic technical influence: architecting solutions, mentoring engineers, shaping technical standards, and ensuring our Vulnerability Management System (VMS) is robust, observable and aligned with Adevinta's security objectives.

Job Requirements

- A senior engineer with proven technical leadership in production security systems or closely related infrastructure services.
- An experienced systems thinker: you design resilient, observable and scalable architectures and can evaluate trade-offs between reliability, cost and speed of delivery.
- Deeply versed in vulnerability management, detection engineering and incident response at scale: you understand scanning workflows, threat modelling, validation and remediation pipelines.
- Hands-on and fluent in implementing secure integration patterns, APIs, service-account architectures, CI/CD automation and production-grade orchestration; you write and review production code and automation confidently.
- Strong in cloud security and operations across public cloud environments and familiar with identity & access constructs, org-level guardrails and secure account architectures.
- Experienced in partnership and influence: you can drive technical change across multiple teams, present complex technical trade-offs clearly, and gain alignment without direct authority.
- A mentor who raises the bar for delivery quality through design reviews, documentation and reusable engineering patterns.
- Metrics-driven and comfortable owning technical success criteria, dashboards and SLAs for operational systems.
- Fluent in English (spoken and written).
- Comfortable in a multicultural environment.

Job Responsibilities

- Plan, execute and evaluate internal penetration tests and red-team exercises - defining scope and success criteria, performing senior-level assessments to validate controls and detection/response, driving root-cause analysis into durable remediations with clear verification criteria, and mentoring engineers to improve testing and response.
- Act as the technical authority on complex vulnerability investigations, threat modelling, countermeasure validation and red-team exercises, providing senior-level analysis and remediation guidance.
- Design and deliver complex integration and automation patterns across the vulnerability ecosystem, including secure API designs, reusable service-account and credential patterns, resilient CI/CD pipelines, canonical data schemas and platform observability.
- Operate and improve the VMS end-to-end: maintain asset inventories, author and maintain automations for ingestion and remediation, coordinate validations and retests, tune detection and triage flows, and produce operational runbooks and SLAs that ensure reliability.
- Lead high-impact technical initiatives and remove technical roadblocks for the team.
- Mentor and coach engineers - raising technical standards through design reviews, code review feedback, shared libraries and platform patterns - while contributing significant hands-on code and automation.
- Perform vendor and platform evaluations from a technical perspective: define evaluation criteria, run proof-of-concepts, validate operational fit and advise procurement with technical recommendations.
- Represent the technical voice of Vulnerability Management in cross-functional architecture reviews and be a pragmatic technical partner to Cloud Defense, Incident Response, Governance and product engineering teams.
- Work in a hybrid remote / on-site model in Barcelona and may be required to travel occasionally within the EU.

Nice to Have

- Practical experience implementing Secure Development Lifecycle (SDL) practices and developer enablement.
- Practical incident-response experience (IR playbooks, tabletop exercises, coordinating investigations and post-incident remediations).
- Hands-on experience with supply-chain and dependency management (creating and consuming SBOMs, automated dependency scanning and remediation).
- Active participation in security communities or recognised vulnerability work (bug-bounty programs, CTFs, open-source contributions, CVEs or Hall-of-Fame recognition).
- Relevant industry certifications or advanced formal training.

Job Benefits

Context & opportunities

- Multinational environment - chance