Security Engineer (Madrid, Spain)

You will be responsible for security operations, correct operation of all the security solutions implemented, monitoring and management of security events and response to incidents. You will manage the SOC services, vulnerability management services, O365 services.

Key Responsibilities and tasks:

  • Risk management.
    • Use standard risk management methodology to identify risk and propose mitigating controls.                                                                                              
  • Development, update and revision of security policies, procedures, and standards.
    • Write structured, concise, realistic policies, standards and procedures in English.                                                                                                                                                                                                  
  • Participation in the management, analysis, and documentation of security incidents.
    • Manage the security incident lifecycle.
    • Defining logic workflows to conduct incident handling from identification to resolution.
    • Lead “lessons learned” meetings, gathering findings and implement improvements to handling procedures.
    • Working with all involved parties (internal/external) to build agreement on managing incidents.
    • Prepare and lead “tabletop”, incident management sessions to test procedures.
    • Research incidents to get to the root cause and propose mitigating controls.                                                                                                          
  • Regular monitoring and reporting on the effectiveness of security controls in the company.
    • Design KPIs and KRIs for technical teams and top management teams.
    • Work with IT security service vendors to gather information needed to keep KPIs and KRIs.
    • Prepare presentations on KPIs and KPIs for technical teams and top management teams.                                                                                  
  • Participate in security audits.
    • Prepare evidence for auditors.
    • Be prepared to explain policies, procedures, and control implementation.
    • Explain and defend security proposition.
    • Create plans to comply with non-conformities.
    • Follow-up on defined plan.                                                                                                                      
  • Manage security vendors.
    • Conduct meetings with vendors to review SLAs.
    • Propose improvements to the service.
    • Participate in RFQ processes.                                                                                                                                                                    

Working Experience:

Minimum of 4 years of IT related experience in two or more of the following domains: Network and communications, O365 tools, (Azure) Active Directory management, risk management, vulnerability management, incident management.

Specific skills and knowledge:

  • Ability to manage and coordinate security incident response to closure.
  • General network knowledge, OSI Model, knowledge of common network protocols.
  • Knowledge of operating systems (Windows/Linux).
  • Experienced with Microsoft Active Directory, Office365 and, Microsoft Azure in terms of security.
  • Knowledge and understanding of common Security standards (e.g., NIST, ISO27001, COBIT).
  • Experience managing security vendors.
  • Excellent communication skills in English.

Personal Skills Requirements and Job Conditions

The company: our customer is a Spanish multinational based in Madrid, that operates all over the world for more than 60 years and is one of the leading producers of food products. More than 12,000 employees and around 2.000 M€ revenue.

Job location: Madrid, European nationality otherwise EU/Spain work permit required as a prerequisite.

Education and Training:

  • Academic degree in Business Engineering, Computer Science or Business Administration or equivalent.
  • Security certifications (CISA, CISM, CRISC, ISO 27001 LA) is a plus.

Organizational position: Reporting to the CISO (located in Madrid).

Employment Type: Permanent Full Time.

Salary: Depending on experience.

If you are interested, send an email to soc@montareloconsulting.com including in the subject: ‘Security Engineer (Madrid)’ along with your CV.