Senior Security Engineer, Defensive Infrastructure

Team: Infosec & Compliance

Location: Madrid, Barcelona, Sao Paulo, Montevideo, Buenos Aires, Bucharest

Commitment: Full Time

Workplace Type: hybrid

We are looking for a versatile senior engineer who can demonstrate high-level proficiency across most of these key security areas:

1. Defensive Infrastructure & Platform Engineering

Strategic Architecture: Partner with the CDR team to architect, deploy, and maintain the health of our core defensive stack (SIEM, EDR, DLP, CASB). You ensure the platforms are built to provide the high-fidelity signal they need to defend the business.

Log Lifecycle: Identify, onboard, and validate log sources across production and enterprise. You own the full log lifecycle: from ingestion and observability pipelines to actionable alerting.

Policy Tuning: Configure agent policies and manage underlying infrastructure (patching/scaling). You make the final call on security-vs-productivity trade-offs, ensuring the fleet is baseline-secure and performant.

2. Cloud Platform Engineering

Hardened Foundations: Partner with the CPS team to design secure-by-default AWS architectures, golden AMIs, and EKS base images that serve as the blueprint for our engineering teams.

Security-as-Code: Drive technical guardrails through Terraform modules, admission controllers, and automated drift detection, turning CPS policy requirements into engineering reality.

Proactive Design: Lead threat modeling sessions with SRE and Product teams to bake security into the design phase and translate findings into prioritized engineering backlogs.

3. Automation & AI Integration

Intelligent Workflows: Collaborate with the internal AI & Automation team to feed platform signals into automated, AI-assisted response pipelines.

Orchestration: Design and optimize SOAR workflows to eliminate manual toil. If a process is repeatable, you automate it to ensure the security org scales without adding headcount.

Compliance Engineering: Own technical security controls and evidence collection for PCI DSS, SOX, SOC2, etc. Automate technical controls and evidence collection for PCI DSS, SOX, and SOC2, making audits a seamless byproduct of good engineering.

4. Incident Response & Strategic Advisory

Advisory: Act as an advisor during complex security events across cloud, production, and enterprise environments.

Feedback Loops: Ensure every incident investigated by the CDR team feeds directly back into our detection logic and automation workflows, hardening the environment against future repetitions.

What You Bring

6+ years of hands-on experience across Security Operations, Detection Engineering, and Cloud Security, with a strong track record of building and owning infrastructure, not just operating it.

Platform depth: SIEM, EDR, DLP, CSPM, CNAPP. You know these tools at the configuration and architecture level, not just the dashboard level.

Cloud-native engineering: advanced AWS security architecture (IAM, SCPs, GuardDuty, and beyond), production EKS hardening, and Kubernetes security from first principles.

Automation and IaC proficiency: expert-level Terraform and Python (or Go). You build integrations and automate workflows because doing things manually at scale offends you.

Adversary-centric detection mindset: MITRE ATT&CK is a working tool for you, not a reference poster. You build detections that find real attacker behavior.

Compliance ownership: you have directly owned technical controls and evidence production for PCI DSS, SOX, SOC2 or equivalent. You know how to make compliance not hurt the engineering team.

Cross-functional range: you can run a threat modeling session with a product team, hand off a prioritized backlog to DevOps, and interface with OffSec on findings, all without creating friction. Stakeholder intelligence is a real skill you have built.

Grit: high autonomy means high accountability. You are comfortable with ambiguity, do the manual work when it needs doing, and do not wait for someone to define the path.




Nice to Have

Solid knowledge across multiple security domains like CDR, Cloud Security, AppSec, Offsec, etc

Experience with Security Platforms, AI agents, LLM APIs and automation frameworks. If you are not there yet, you are actively building it.

Familiarity with threat intelligence platforms and integrating intel into detection pipelines.

MDR vendor co-management experience.

Prior involvement in purple-team or red-team exercises.

Certifications (GCIA, GCFA, OSCP, AWS Security Specialty) are valued but secondary to what you have built and shipped.

How You'll Work

High ownership. No queue to wait in.

You will interface daily across Cyber Detection & Response, Cloud & Platform Security, AppSec, IAM, Offensive Security, and the Security Automation & AI team. On the engineering side, you will work regularly with Cloud Platforms, SRE, DevOps, Network, and CI/CD teams. The surface area is wide and the problems are real.

The CISO's office operates on one principle: security is a business enabler. You will have executive sponsorship and the political cover to make pragmatic trade-offs. What you will not have is the option to move slowly or hide behind process.

If you want to own infrastructure that actually matters, work with a team that respects engineering craft, and build in an environment that moves at the speed of the business, this is the right place.