Security Engineer

Ebury
Municipality of Madrid, Spain
2 days ago

Role details

Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Senior

Job location

Municipality of Madrid, Spain

Tech stack

Kubernetes Security
Amazon Web Services (AWS)
Bash
Cloud Computing
Cloud Computing Security
Computer Security
Computer Networks
DNS
Identity and Access Management
Virtual Private Networks (VPN)
Python
Network Security
Network Architecture
Routing
PCI Data Security Standards
Remote Access Technology
Zero Trust Network Access
Security Information and Event Management
Data Logging
Transport Layer Security
Google Cloud Platform
Firewalls (Computer Science)
Kubernetes
Terraform
DevSecOps
Security Orchestration, Automation & Response

Job description

Ebury is investing significantly in its cloud infrastructure security capabilities to ensure the trust and safety of our integral financial services. As a Senior Security Engineer specialising in Cloud Infrastructure, you will own and evolve the security posture of our cloud environments across AWS and GCP, with a focus on network security, perimeter defence, and attack surface management.

This hands-on role requires deep expertise in cloud-native security controls, network architecture, and defensive security operations. You will design, implement, and maintain security infrastructure that proactively detects and mitigates threats before they impact our business. You will work closely with platform, infrastructure, and security operations teams, embedding security best practices into our cloud foundations.

  • Own cloud security posture and attack surface management: Maintain comprehensive visibility and control across AWS and GCP environments. Implement cloud-native security monitoring, detection, and alerting to proactively identify and mitigate threats before they impact customers or the business. Define and enforce security baselines using policy-as-code.
  • Deliver modern secure remote access: Architect and implement a scalable remote access solution to meet current network security and environment isolation requirements. Design identity-aware access controls for infrastructure and cloud resources, ensuring solutions satisfy compliance and audit requirements for regulated financial services.
  • Drive security automation and DevSecOps adoption: Implement Infrastructure as Code for security controls using Terraform and cloud-native tools. Build automated compliance checking, policy enforcement pipelines, and security tooling that improves detection and response capabilities across infrastructure deployments.
  • Improve team capabilities and cross-functional collaboration: Partner with platform and infrastructure teams to embed security into cloud foundations. Provide technical guidance on network and cloud security best practices, contribute to incident response, and actively share security learnings to elevate engineering capabilities.

  • You effectively engage with platform, infrastructure, and engineering teams, clearly explaining the 'why' and impact of security controls.
  • You advocate for security-as-code and automation, reducing manual processes and improving consistency.
  • You promote a collaborative culture, share knowledge openly, and optimise your contributions for predictable delivery.

Requirements

  • 5+ years in security or infrastructure engineering with deep expertise in cloud security, ideally within FinTech, banking, or a similar regulated industry.
  • Expert-level experience with AWS and/or GCP security services, including VPCs, security groups, IAM, and cloud-native security tools.
  • Proven track record designing and implementing WAF solutions (AWS WAF, Cloud Armor, or similar) with custom detection rules.
  • Strong experience designing network architectures with proper segmentation and isolation patterns.
  • Extensive experience with Infrastructure as Code (Terraform preferred) and GitOps practices.
  • Proficiency in scripting and automation (Python, Bash, or similar).
  • Solid understanding of network security fundamentals: firewalls, routing, DNS, TLS, VPNs.
  • Experience implementing or operating SIEM, logging, and security monitoring solutions.

  • Experience with zero-trust network architectures and identity-aware access solutions.
  • Knowledge of container security and Kubernetes network policies.
  • Experience with security orchestration and automated response (SOAR).
  • Familiarity with compliance requirements for financial services (PSD2, GDPR, PCI-DSS).
  • Relevant certifications (AWS/GCP Security Specialty, CCSP, or similar).
  • Experience migrating from legacy VPN solutions to modern alternatives (e.g., ZTNA, SDP).

About the company

Ebury is a global fintech firm dedicated to empowering businesses to expand internationally through tailored and forward-thinking financial solutions. Since our founding in 2009, we've grown to a diverse team of over 1,700 professionals across 40+ offices and 29+ markets worldwide. Joining Ebury means becoming part of a collaborative and innovative environment where your contributions are valued. You'll play a key role in shaping the future of cross-border finance, while advancing your own career in a dynamic, high-growth industry.
