As a Secure Product Lifecycle engineer, you will be part of the company’s Product Security team. This role is crucial in that it conditions the security measures put in place on products that handle our data and provide our services to our clients. This position requires autonomy and pro-activeness, a deep understanding of application security, network security, as well as proficiency in development and operations in the cloud.
You will be instrumental in ensuring that Adevinta’s security strategy covers industry-relevant security standards, leaving no gaps open to be exploited. The Product Security team is part of the Information Security department, where your team will collaborate with other services such as Vulnerability Management, Bug Bounty, Incident Response, and Governance. You may also be called on to interact with product development teams to help them secure their products.
What you will do:
You will recommend and evaluate secure baselines and controls (guardrails, alerts, audit controls) to prevent or detect and remediate misconfigurations across our cloud runtimes, CI/CD pipelines, artifact repositories, code repositories, SSO systems, and IAM systems.
You will develop, deploy and maintain automation of such controls, using SCP, AWS Config, SCA, SBOM, Dependabot, GitHub Actions, as well as other commercial, open-source, or custom tools.
You will automate internal flows for security data aggregation.
You will integrate security tools by automated means.
You will automate the handling of threat intelligence and environment data in order to enhance security controls.
You will provide advice concerning your domains of expertise to internal stakeholders, by attending guilds, answering questions, writing documentation, supporting audits, and by supporting remediation of issues found by our tools or by external resources.
You will ensure our assets are properly reporting events to the SIEM, and support the definition of rules for generating alerts.
You will support the other Infosec teams as a subject-matter expert.
You will report to the Secure Product and Platform Lifecycle manager.
You will work in a hybrid remote/on-site environment, with the team physically spread across different geolocations (Adevinta’s hubs: Barcelona & Amsterdam).
You may be required to travel occasionally, mainly inside the EU, to our main hubs.
You may be asked to be on-call.
Who you are:
You have a hacker mindset, an open mindset, with technical skills and a passion for security.
You have strong analytical and problem-solving skills, with the ability to synthesise complex data into actionable insights.
You recognise the need for automation to handle problems at scale, and you can implement that automation.
You are proficient in cloud operations, particularly in AWS but ideally also in GCP.
You have an excellent understanding of security capabilities and controls such as GuardRails, SCPs, Security Groups, IAM, WAF, AntiBot, SSO, etc.
You can apply the Secure Development Lifecycle principles with modern tooling and ecosystems such as Github, Github Actions, Dependabot, Kubernetes, infrastructure as code, etc.
You have excellent fundamental knowledge of network, protocol, system and application security, as well as of the industry-standard strategies and frameworks that apply.
You have software development skills and database knowledge.
You have excellent communication and interpersonal skills, with the ability to build relationships and influence others.
You deal with problems by taking ownership and by collaborating with others.
You are fluent in English (spoken and written).
You are comfortable in a multicultural environment.
Nice to have:
Proficiency in threat modelling
Notions of incident response.
Public or private presentations.
Open source contributor.
Participation in conferences and training.
Certifications.
Membership in bug bounty programs, CTF player or member of ethical hacking communities, recognition in the Hall of Fame, CVE mentions or vulnerability reporter.
Additional information
Life at Adevinta comes with its perks! Our Adevintans enjoy the following benefits:
- An attractive Base Salary.
- Participation in our Short Term Incentive plan (annual bonus).
- Work From Anywhere: Enjoy up to 20 days a year of working from anywhere! Maybe not from the moon - well why not! just make sure you have internet connection!
- A 24/7 Employee Assistance Program for you and your family, because we care.
- Win together, lose together is one of our key behaviours. At Adevinta you will find a collaborative environment with an opportunity to explore your potential and grow.
On top of these, we also provide a range of locally relevant benefits. Wanna know more? Apply and ask our recruiters!
