Security Engineer in Madrid or Remote

Shipping is complex and online stores need solutions to compete globally. With our technology, you can improve the shipping experience of your customers and deliver a premium services.

Operating in 10 countries, our passion for getting shipping right means we support our customers every step of the way, making shipping simple and transparent

Our vision: to facilitate online shipping around the world

Our mission: helping online stores offer a great delivery experience.

• Microservices, microservices and microservices, with more than 60 in production.
• We’re reaching up 17k requests per minute... are you up for the challenge?
• Event oriented architecture.
• A company with more than 15 nationalities.
• Domain and multidisciplinary teams.
• Docker containers from your local environment until production (k8s).
• DevOps mentality.
• And much more!

Blue Team

Incident management / Compliance

• As part of the security team, you will be involved in the incident management process, detect, analyze, and respond to security events. You should be able to create the IoCs and threat modeling across business applications and infrastructure integrations.
• Support our data protection officer and compliance team with information requests. Improve our policies, regulations and audits.
• Risk management: Identify and manage risk associated with corporate infrastructure and connectivity

DevSecOps

• Integration of security tools or frameworks in our CD/CI
• Develop custom security automation tooling (Python, Golang, Javascript..)
• Create hardening guidelines and best practices for others teams
• Promote security with advice, best practices, and guidelines

Red Team

• Security testing on web, cloud environments and infrastructure.
• Evaluation of security in products/processes
• Security Architecture: Identify, monitor, and remediate vulnerabilities in products and architecture across Cloud environments
• Security Development
• Manage our disclosure program
• Provide security advice on a constant stream of new products and technologies
• Participate in security issues triage

Awareness

• Design and execute a company-wide security training plan
• Evangelize teams about security test strategies for complex systems
• Integrate security checks in a non-blocking way throughout the development cycle
• Help building and leveling up our bug bounty program
• Be the security evangelist and drive security awareness across the organization
• Mentor other engineers in order for them to interiorize security best practices and grow as technical contributors

• Experience with Cloud Security (GCP, AWS, Azure)
• Experience in microservices and event-driven ecosystem
• Experience with containerization technologies
• Several years of professional experience working in a Security team
• Passion for educating others in security best practices
• Experience with analysis tools (SAST & DAST)
• Experience developing custom security automation tools and solutions to help monitoring, detection, and response capabilities.
• Experience in scaling security with automation using your scripting skills Python/Bash/Go ...
• Software development experience in some of our language’s stack: Python, Scala, Java, Typescript/Javascript (Angular and React)
• Active participation in incident response investigations and threat modeling
• Experience in bug bounty programs and triaging security issues
• We are an international company, you should be able to communicate both in English and Spanish.

• CISSP, Security+, GCED, GICSP, GCIH, SSCP, OSCP or CASP+ Certification or similar
• Experience in compliance with GDPR
• Participated in some Information security management system certification process (ISMS): ISO 27001, SOX or related
• Have JVM knowledge is a big plus
• Experience implementing PCI, SOC 2 compliance or related
• Have a degree in Computer Science or related technical/scientific discipline

• ✔️ Competitive salary package. We’re looking for the right person. Annual salary offer: 50k - 60k, Staff from 60k - 75k
• 📙 Personal Training Budget. Up to 2000€/year training budget (certifications, conferences attendance…) for investing in your professional development. We want to help you to improve your technical skills, feel involved in the tech community, and develop your soft skills in order to lead teams or manage other stakeholders.
•  🗺️ Languages classes on a weekly basis. Thirsty of knowledge? Learn a new language by joining our free English/Spanish/French classes. In groups of 4-5 people, you can connect and enjoy taking up a new language or improving your current skills with one of our great instructors.
• 📈 Engineering Career Path. A career growth plan, created by engineers for engineers. You can check it in our blog (https://medium.com/packlinkeng/the-path-to-our-career-path-8781e4565ae3)
• 📖 Learning weekly initiatives. Share is caring, join us for our weekly Learning Meetings. Be the driver or the attendant, you choose!
• 💬 Be an active part of the tech community. Opportunity to attend and participate in local and international technological events. We are doing really cool things and we feel really proud to share them!
• 🏠 We are a remote-first company. All team members at Packlink are remote employees. After COVID, you can decide if you want to work in the office 2 days a week or 3 days per quarter—it's up to you. We also cover your expenses for working from home (50€ per month/600€ per year).
• 💻 Everything you need to work from home. Whether you prefer Mac, Linux or Windows (or an additional screen or two), we set you up for success when working remotely.
• Referral Fee 🔗 We need your support in hiring top-class talent! We offer a referral bonus of 1k-3K, depending on the complexity of the role and the hiring process.
• 🏐 Health and Wellness:  The well-being of our team is super important to us. Choose from different options that help you focus on your health:
  • Gym membership or exercise classes (pilates, kick-boxing, etc.)—we’re happy to cover the cost!
  • If you prefer private health insurance, we offer a great plan courtesy of our partner Sanitas.
  • Last but not least, we have psychological assistance free of charge.
• 🎂 Enjoy your Birthday. Take your birthday off to celebrate!
• ⚖️ Great work-life balance. We offer a flexible work schedule and will do our best to adapt to your personal situation. Working in a fast growth environment can be intense, but that doesn’t mean you shouldn’t enjoy your free time!
• 💜 An inclusive and upbeat work environment. Leave your suit behind... we’re a t-shirt and converse kind of place! More importantly, our company culture promotes diversity and inclusion. The personality and opinions of each of our team members are important and valid, and we aim to offer all employees a safe environment where they can be themselves and thrive.
•  🌍 A cross-cultural atmosphere. We are a truly international team of 15 nationalities that speak 10 languages. Our company language is English and all internal communication and company-wide meetings are in English.
• 🏟️ Company events. Work hard, play hard! We do our best every day, even at our regular team-building events. Everything is currently remote, but we’re looking forward to organising in-person company events once again in the near future!
• 💰 Flexible Salary. We work with a flexible compensation plan for transport, restaurants and kindergarten so our employees can save on personal income tax.

This person will be responsible for ensuring the applications developed within Packlink are secure. For that this person will be in charge, as an individual contributor, of managing a vulnerability program, performing penetration tests, working together within multidisciplinary teams in order to advise Software Engineers to apply security patches and build a secure product, implementing controls needed by Compliance, and so on. This is a cloud-first company so you should be interested in Cloud Security.
Are you familiar with OWASP Top 10 in both offensive and defensive app-sec? Then this is the role for you.

Our values: making our inclusive and proactive company culture our core guide.

Earn it - Without trust, we can’t grow. We earn trust from our teammates, customers and partners through hard work and great results.

Do it - Act, accomplish, repeat—that’s how we achieve our shared vision. Our team doesn’t overthink it, we are simply shipping by simply thinking!

Live it - We’re at our best when we’re challenged, learning and having fun.