VulMa - Senior Security Engineer
1 day ago
Barcelona
We’re Adevinta , a global leader in digital marketplaces. Our household name brands, including Marktplaats in the Netherlands, mobile.de in Germany and leboncoin in France, reach hundreds of millions of people every month. We’re all about matchmaking, and our sites help people find whatever they’re looking for in their local communities – whether it’s a car, an apartment, a sofa or a new job. Every connection made or item found makes a difference by creating a world where people share more and waste less. Our brands are supported by global Tech Hubs in Barcelona, Amsterdam, Paris and Berlin. Their goal is to develop common global products and innovation platforms which all of our brands can use. This means using cutting edge technology to create highly scalable, customisable and secure products and components that free up development time and leverage our access to global data. What You’ll Do & Who You Are What You’ll Do Plan, execute and evaluate internal penetration tests and red-team exercises — defining scope and success criteria, performing senior-level assessments to validate controls and detection/response, driving root-cause analysis into durable remediations with clear verification criteria, and mentoring engineers to improve testing and response. Act as the technical authority on complex vulnerability investigations, threat modelling, countermeasure validation and red-team exercises, providing senior-level analysis and remediation guidance. Design and deliver complex integration and automation patterns across the vulnerability ecosystem, including secure API designs, reusable service-account and credential patterns, resilient CI/CD pipelines, canonical data schemas and platform observability. Operate and improve the VMS end-to-end: maintain asset inventories, author and maintain automations for ingestion and remediation, coordinate validations and retests, tune detection and triage flows, and produce operational runbooks and SLAs that ensure reliability. Lead high-impact technical initiatives and remove technical roadblocks for the team. Mentor and coach engineers — raising technical standards through design reviews, code review feedback, shared libraries and platform patterns — while contributing significant hands-on code and automation. Perform vendor and platform evaluations from a technical perspective: define evaluation criteria, run proof-of-concepts, validate operational fit and advise procurement with technical recommendations. Represent the technical voice of Vulnerability Management in cross-functional architecture reviews and be a pragmatic technical partner to Cloud Defense, Incident Response, Governance and product engineering teams. Work in a hybrid remote / on-site model in Barcelona and may be required to travel occasionally within the EU. Who You Are A senior engineer with proven technical leadership in production security systems or closely related infrastructure services. An experienced systems thinker: you design resilient, observable and scalable architectures and can evaluate tradeoffs between reliability, cost and speed of delivery. Deeply versed in vulnerability management, detection engineering and incident response at scale: you understand scanning workflows, threat modelling, validation and remediation pipelines. Hands-on and fluent in implementing secure integration patterns, APIs, service-account architectures, CI/CD automation and production-grade orchestration; you write and review production code and automation confidently. Strong in cloud security and operations across public cloud environments and familiar with identity & access constructs, org-level guardrails and secure account architectures. Experienced in partnership and influence: you can drive technical change across multiple teams, present complex technical tradeoffs clearly, and gain alignment without direct authority. A mentor who raises the bar for delivery quality through design reviews, documentation and reusable engineering patterns. Metrics-driven and comfortable owning technical success criteria, dashboards and SLAs for operational systems. Fluent in English (spoken and written). Comfortable in a multicultural environment. Nice To Have Practical experience implementing Secure Development Lifecycle (SDL) practices and developer enablement. Practical incident-response experience (IR playbooks, tabletop exercises, coordinating investigations and post-incident remediations). Hands-on experience with supply-chain and dependency management (creating and consuming SBOMs, automated dependency scanning and remediation). Active participation in security communities or recognised vulnerability work (bug-bounty programs, CTFs, open-source contributions, CVEs or Hall-of-Fame recognition). Relevant industry certifications or advanced formal training. Context & opportunities Adevinta is scaling during a company restructure and localisation under new ownership. The organisation is multinational and composed of multiple product companies and legal entities, with diverse technology stacks, varied security maturity levels and evolving priorities as localisation and scale progress. At Adevinta, You Will Have The Following Opportunities Multinational environment — chance to shape cross-regional practices and data contracts, and gain experience with cross-cultural and regulatory constraints. Multiple companies with different contexts — opportunity to design marketplace-aware ownership models and procurement-friendly approaches that work across varied business needs. Multiple technological stacks — scope to build canonical integration patterns and pragmatic adapters that enable interoperability across heterogeneous systems. Different maturity levels — room to deliver reusable components, runbooks and baseline metrics that accelerate teams at different stages of maturity. Changing environment — experience making pragmatic trade-offs, delivering resilient solutions and operating effectively amid shifting priorities. Future localisation and building at scale — opportunity to architect localisation-friendly, scalable automation and platforms that enable durable, enterprise-wide growth. Benefits Life at Adevinta comes with its perks! Our Adevintans enjoy the following benefits: An attractive Base Salary Participation in our Short-Term Incentive plan (annual bonus) Work From Anywhere: Enjoy up to 20 days a year of working from anywhere! Maybe not from the moon — well why not! just make sure you have internet connection! A 24/7 Employee Assistance Program for you and your family, because we care Win together, lose together is one of our key behaviours. At Adevinta you will find a collaborative environment with an opportunity to explore your potential and grow On top of these, we also provide a range of locally relevant benefits . If you would like to know more, please ask our recruiters. Adevinta is an equal opportunity employer and we value diversity. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status or disability status. If you feel like you don’t meet all of the requirements for this role but are interested, please consider applying anyway. Research suggests that women and individuals from underrepresented groups may self-select out of opportunities if they don’t meet 100% of the job requirements. We strongly encourage people from historically excluded groups to apply and look forward to speaking with you. #J-18808-Ljbffr
Waiters
Construction & Trades
Fast Food
Accounting & Finance
Animal Care
Art, Media, Design
Bar Staff
Child Care
Cleaning
Customer Service
Driver & Delivery
Education
Engineering
Entertainment
Events & Promotion
Fashion
Healthcare
Host & Hostess
Information Technology
Kitchen Porter
Legal
Management
Manufacturing
Office & Admin
Online Jobs
Science
Security
Sports & Wellness
Warehouse
Writing & Editing
Other
Page 3