Security Engineer
Bsport
Barcelona, Spain
5 days ago
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
SeniorJob location
Barcelona, Spain
Tech stack
Kubernetes Security
Amazon Web Services (AWS)
Software System Penetration Testing
Computer Programming
Continuous Integration
Django
Identity and Access Management
Python
PostgreSQL
Open Web Application Security
RabbitMQ
Redis
Phishing
Secure Coding
Security Software
TypeScript
Software Vulnerability Management
Google Cloud Platform
React
Grafana
Software Security
FastAPI
Gitlab-ci
Kubernetes
Kafka
Celery
Gsuite
Front End Software Development
Terraform
Docker
ELK
Static Application Security Testing
Go
Dynamic Application Security Testing
Job description
We are looking for a hands-on Senior Security Engineer who will be the driving force behind bsport's security transformation.
This is not a purely strategic role; you will roll up your sleeves to implement security controls, respond to incidents, and build our security program from fundamentals.
This role is critical because:
- You will directly protect ~10 million users' personal data
- You will enable our sales team to confidently answer security questionnaires as we pursue enterprise clients
- You will work in the SRE team, with close collaboration with SWE teams and exposure to most if not all department leaders
- You will reduce business risk in a fast-scaling environment where security incidents can damage trust and revenue, Hands-on Security Engineering (60%) - Drive and maintain top-notch security across our platform:
- Harden AWS infrastructure, Kubernetes clusters and app security
- Implement automated scanning (SAST / DAST) and dependency checks
- Strengthen authentication and identity management (SSO, MFA, Google Workspace)
- Set up vulnerability management and alerting integrated with engineering sprints
- Respond to security incidents, create runbooks and support customer security requests
Security Culture & Training (40%) - Promote a strong security mindset across the company:
- Build engaging, role-specific training and run phishing simulations
- Define and enforce hardware and endpoint security standards
- Develop a network of security champions and self-service guides
- Create pragmatic policies and governance that balance security with business needs
Technical Stack
- AWS
- Infrastructure as Code: Terraform, Helm
- Container orchestration: Kubernetes, Docker
- Monitoring: Grafana, ELK stack
- Backend: Python Django, FastAPI, Celery
- Frontend: React, TypeScript
- Databases: PostgreSQL, Redis, RabbitMQ, Kafka
- CI/CD: GitLab CI, ArgoCD
Requirements
- 5+ years in security engineering, infrastructure security, or security software engineering roles
- Strong hands-on experience with AWS or GCP security (IAM, security groups, WAF, etc.)
- Deep understanding of application security (OWASP Top 10, secure coding, API security)
- Experience building security programs from scratch in fast-growing startups or scale-ups
- Proven track record in incident response and handling data breach scenarios
- Good programming skills in at least one of Python, Typescript, Golang
- Experience with infrastructure security (Kubernetes, container security, IaC security)
- Prior experience training employees on Security, * Experience with GDPR compliance and data protection regulations
- Background in penetration testing or offensive security
- Familiarity with our tech stack (Django, React, PostgreSQL, Terraform)
- Experience responding to security questionnaires for enterprise sales
- SOC2 or ISO27001 implementation experience
Benefits & conditions
- Vibrant office in Barcelona - Passeig St. Joan with free drinks and snacks
- Versatile working model, hybrid setup with 2 remote days per week and 15 extra remote days per year
- Health insurance fully covered by the company
- Negociated gym deal with Wellhub: access to a wide range of gyms, studios, and wellbeing apps
- Diverse, collaborative workplace, join an international team
- Paid sick leave
About the company
We are bsport. The place to be!
bsport is an all-in-one platform combining boutique fitness and advanced technology. Our platform helps partners manage their bookings, payroll, marketing and more, to streamline operations and boost their commercial success.
Since we launched in 2019, we have achieved remarkable growth:
* Built a community of over 10 million users
* Closed a 30 million Series B in December 2024
* Grown to over 200 employees across Europe