Founded in 2009 by Juan Urdiales and Felipe Navio and based in Madrid, Spain, Jobandtalent is the world's leading digital temp staffing agency. Their on-demand staffing marketplace aims to make the labour market much more fluid and accessible by tearing down all the barriers to job search and hiring.

They are an enthusiastic security team which is implementing security in an exponentially growing environment. It is never boring, they always assist each other as a team and this role offer the unique opportunity to put your stamp in the security roadmap and architecture of the company. If you are a person who loves a challenge, please join them!

• To have the passion, curiosity and a slightly obsessive drive to figure out how things work and assign meaning to various security events and anomalies

• To be a detective at hart, and have the drive to figure things out independently of others, but have the overall sight on when to seek help

• 5+ years in security positions that include operations, offensive (desired), defensive (required) and product security roles

• Experience with security architecture designs and product / application security

• Experience and an understanding of security operations and SIEM solutions

• Experience in implementing or creating an SDLC

• Ability to lead a threat model and create an actionable output from it

• A good understanding of penetration testing and some basic penetrating skill

• Ability to investigate complex security events

• Experience in incident management and using various methods (including a WAF) to mitigate ongoing application attacks

• Strong understanding of kubernetes, cloud platforms, networks and firewalls (including WAF)

• Be able to understand vulnerabilities and how they can be exploited (attack paths)

• Strong understanding and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10)

• Ability to communicate well across the board with the security team, development teams, platform and product teams

• Ability to create reports on technical risks and translate those to the business risks

• Working knowledge of Python for automation (desired not required)

• Have a good understanding of APIs, application flows and how code works

• A strong understanding of security frameworks such as NIST CSF, ISO27001 and SOC2 and using those to raise the security bar in an organisation