Senior IT Security Engineer
hace 2 días
Barcelona
ph3ABOUT CODEWAY /h3 pCodeway builds consumer apps used by millions around the world, spanning AI creativity, wellness, learning, and productivity. Our products are built with a strong focus on user experience, speed, and quality, and are powered by deep in-house technology and data capabilities. /p pBarcelona is a growing core hub for Codeway. We are building a strong engineering culture here, focused on ownership, fast execution, and high standards of craft. This is a place for engineers who want to stay close to the product, influence real decisions, and see their work reach users quickly. /p h3POSITION /h3 pWe’re looking for an IT Security Engineer to help build and mature security across our growing organization. This role sits at the intersection of IT, Security, and Engineering, helping design, implement, and continuously improve security controls across identity, endpoints, SaaS platforms, and cloud infrastructure. /p pYou’ll work closely with IT and Engineering teams to build security capabilities that support company growth while maintaining a practical, collaborative, and business-friendly security posture. This is a hands‑on role with meaningful opportunities to shape security foundations, improve processes, and influence how security evolves across the organization. /p pSeveral security capabilities are still early in their maturity and continuing to evolve. We are looking for someone who enjoys building and improving the programs, processes, controls, and automation that will form the foundation of our security function as the company scales. /p pWe welcome applicants from all backgrounds and experiences. If you’re excited about building security capabilities and believe you could be a strong fit for the role, we encourage you to apply, even if your experience does not align perfectly with every qualification listed below. /p h3WHAT YOU’LL BE DOING? /h3 h3Security Operations Incident Response /h3 ul liPartner with teams to strengthen security monitoring, detection, and response capabilities. /li liInvestigate security events, coordinate incident response activities, and continuously improve operational playbooks and response processes. /li liDevelop security metrics and reporting that provide visibility, support prioritization and risk management, and demonstrate the effectiveness of security controls. /li /ul h3Identity, Endpoint SaaS Security /h3 ul liStrengthen security controls across identity, endpoint, and business-critical SaaS platforms. /li liImprove identity and access controls, including governance, privileged access management, MFA, conditional access, and device trust. /li liEstablish endpoint security standards, monitoring capabilities, and remediation processes. /li liPartner with stakeholders to evaluate security considerations for new applications, vendors, and integrations. /li /ul h3Cloud Security Vulnerability Management /h3 ul liMaintain and enhance security controls across cloud environments while promoting secure‑by‑default approaches. /li liBuild and operate a sustainable vulnerability management process across infrastructure, cloud, endpoint, and SaaS environments, including prioritization, remediation tracking, and reporting. /li liReview cloud configurations, permissions, and security risks, partnering with teams on practical remediation strategies and secure‑by‑design approaches. /li /ul h3Security Engineering Program Development /h3 ul liDesign and implement automation that improves security operations and reduces manual effort. /li liBuild integrations and workflows across security, identity, endpoint, and cloud platforms. /li liContribute to architecture reviews, security standards, and long‑term security roadmaps. /li liSupport security governance, compliance, and audit readiness initiatives by helping implement, document, and maintain effective security controls and processes. /li liPartner with teams across the organization to promote secure working practices and help foster a positive security culture. /li /ul h3WHAT YOU’LL BRING? /h3 ul liExperience building, operating, or improving security controls in cloud‑first environments, including identity, SaaS, endpoint, or public cloud platforms. /li liExperience collaborating with IT, Engineering, and business stakeholders. /li liExperience investigating security incidents and supporting remediation efforts. /li liStrong understanding of identity, endpoint, and cloud security fundamentals. /li liExperience automating workflows through scripting, APIs, or workflow platforms. /li liAbility to balance security requirements with operational efficiency and a positive employee experience. /li /ul h3NICE TO HAVE /h3 ul liHands‑on experience with identity, cloud, endpoint, or SaaS security platforms. /li liExperience building or maturing security programs, processes, or operational capabilities. /li liExperience with security tooling such as SIEM, CSPM, XDR, vulnerability management, or endpoint management platforms. /li liExperience supporting compliance initiatives, modern identity architectures, AI platforms, or emerging technologies. /li liRelevant certifications in cloud, endpoint, or security disciplines. /li /ul h3OUR ENVIRONMENT /h3 pYou’ll help secure and improve a modern cloud‑first environment built around: /p ul liGoogle Workspace /li liOkta /li liJamf /li liAWS /li liGoogle Cloud Platform (GCP) /li /ul pExperience with these platforms is beneficial but not required. We value strong security fundamentals, curiosity, and the ability to quickly learn new technologies and environments. /p h3WHAT SUCCESS LOOKS LIKE /h3 pWithin your first 12 months, you’ll help establish and mature key security capabilities, including: /p ul liA scalable endpoint security program built around modern device management and protection tooling. /li liRobust identity security controls across cloud, SaaS, and infrastructure platforms. /li liA structured vulnerability management process with clear prioritization and visibility. /li liCollaborative security review processes for new vendors, applications, and integrations. /li liImproved visibility and reliability across security monitoring and response activities. /li liSecurity automation that reduces manual effort and improves operational consistency. /li liStronger alignment with compliance and audit readiness expectations. /li liA culture where security is embedded into everyday work and planning across teams. /li /ul pIf you're excited about building security programs, improving systems through automation, and helping shape security in a growing company, we'd love to hear from you. /p pYou’ll join a collaborative environment where security is viewed as an enabler, not a blocker, and where you'll have the opportunity to help build lasting security capabilities that support the business as it continues to grow. /p /p #J-18808-Ljbffr