CMP is looking for an IT Security Engineer to join our Digital Security team. You'll be protecting the company's digital assets, users and employees. We're looking for someone that will work securing our web application environments at all levels. You will perform regular security audits, suggest (and maybe even implement yourself) improvements, maintain the inventory of digital assets, identify vulnerabilities, prepare security awareness trainings, etc.
You’ll find a Requirements section far below. If you meet all these then we strongly encourage you to apply. If you meet some of them but think this role sounds like something you’d be great at, we strongly encourage you to apply.
You will be part of a passionate team that will invite you to be part of our family. You will be encouraged to step out of your comfort zone and embrace new challenges, learning something new every day. We will make you feel like at home on our amazing office (5 mins walking from Pl. Catalunya!), with the best equipment and environment so you can perform your best. Almost all of our management has been internally promoted, it’s the perfect environment for you to refine your skills and start growing your professional career, for real. Oh, and we do Agile as it’s expected it to be: Continuous Integration, Continuous Testing, deploys every day, all checked!
- Proactively identify security flaws and vulnerabilities. Spend time thinking both like an attacker and defender
- Build security tools and systems to solve capability challenges
- Evaluate the impact to the organization of current security trends
- Temporarily join a development team to help them solve the most urgent security tasks
- Conduct sophisticated security reviews - from high level web application architecture to OS level parameters in order to meet security goals
- Recognize, adopt and instill good practices in security engineering fields throughout the organization: development, cryptography, network security, security operations, incident response, security intelligence, and more
- Exercise risk-based judgment, and to help teams to make the right security calls
- +2 years of experience in strong demonstrated knowledge of web protocols and an in-depth knowledge of Linux/Unix tools and architecture
- +2 years of experience working with algorithms and processes for programmatic automation via scripting or programming languages (Python, Go, shell, etc.)
- Proficiency in Git
- Familiar with OWASP community and projects
- Networking basics: TCP/IP, UDP, HTTP, HTTPS, Routing protocols
- Securing Relational Database (MySQL, MariaDB, etc.)
- Familiar with Cryptography concepts such as hashing, public/private key, etc.
- Securing AWS environments is highly desirable
- Familiar with GDPR and US sensitive data protection laws.
- Vulnerability scanners: Nessus, OpenVas, etc.
- Some notions of PHP would really be helpful (our products are developed in PHP)
- Cutting-edge technology: Continuous Integration, scalable architectures, microservices, API oriented development, multi-disciplinar teams.
- Competitive compensation packages based on experience, skills and job market.
- Private health and dental insurance plan.
- Top notch equipment (iMac or Macbook; Apple 27″ retina display).
- Flexible working hours
- Paid lunches – either catering (just-eat delivery) or eating out.
- Employee choice for up to one week of conference or training sessions per year – time off and costs covered by company.
- Regular “freestyle” days – team members decide what they want to work on and have fun with it.
- Plenty of parties and events making you feel part of the team: BBQ on our terrace, Friday Beers&Pizza, Halloween Party, etc.
- Possibility of traveling (we have offices in New York).
- Flexible national holiday schedule – design your own working calendar.
- Big sunny terrace with ping pong and kicker tables, as well as a generous assortment of drinks, snacks and fresh fruits.
- Free English and Spanish classes.
- Employee referral program bonus.
- Company sponsored events: industry meet-ups through the Summer; company-wide retreat (e.g. Punta Cana 2015, Sardinia September 2016, Portugal 2017); office ski trips.
- Permanent contract
- Gym membership sponsored
- Multi-disciplinary teams
- Basket league sponsored
* Only submissions in english will be considered