Cybersecurity Operations Specialist in Madrid or Remote

Tymit

Salary
€55,000 - €65,000
Workplace
Remote
Hours
Full-Time
Internship
No

Job Description

At Tymit our mission is to give people the self-confidence to live life to the fullest by offering them credit that's smart, flexible and honest.

That's why we launched the world's first instalment credit card – and why we're now partnering with only the most iconic brands to bring the next generation of instalment experiences to their customers.


We believe that everyone deserves financial peace of mind, that credit should only work for you, and that tech will continue to transform the way to shop, pay and manage our spending.


Our talented and growing team is based in the UK and Spain, and we're all committed to creating a diverse, fun work environment, with collaboration and the customer at the core of everything we do.


Following our £23m Series A round, closed in October 2022 and led by Frasers Group, we're focused on our next phase of growth - and creating the future of instalment experiences.


Want to check our app from the guts? See the Tymit app in action here 💡


Please note: this role is remote but must be based in Spain.


Compensation & Perks

💰 The salary range of this role is €55,000 to €65,000 per annum, depending on experience.

🏝 26 days of paid holiday plus bank holidays.

🥳 Your birthday off.

🏥 Private health insurance.

💲 Budget for home office set up.

💲 Monthly home working allowance.

🏡 Tymit is working fully remote but we have offices in Madrid and London if your preference is to work from an office with other Tymiteers.

⏰ Flexible working hours.

👩🏽‍🤝‍👩🏻 Referral program.


About the role

The Cybersecurity Operations Specialist (COS) is responsible for overseeing the comprehensive cybersecurity operations across the enterprise. The COS will protect the organization’s systems, networks, and data by employing a structured approach that covers prevention, detection, response, and recovery from cybersecurity incidents.

Key areas include daily security operations, identification of critical information, threat analysis, vulnerability assessment, and risk management. The role also focuses on improving processes and supporting business initiatives to continually strengthen the organization's overall cybersecurity posture.


Core Responsibilities

  1. Daily Security Operations:
    • Identification of critical information.
    • Data flow diagramming and threat analysis.
    • Vulnerability assessment and risk management.
    • Implementation of countermeasures.
  2. Log Analysis:
    • Set up and manage centralized logging solutions (e.g., SIEM systems like Splunk, ELK Stack, or AWS CloudWatch Logs) to collect logs from various sources, including servers, network devices, applications, and cloud services.
    • Ensure integration of logs from critical AWS services such as CloudTrail, CloudWatch, VPC Flow Logs, and AWS Config.
    • Continuously monitor logs for indicators of compromise, suspicious activities, or policy violations.
    • Implement real-time alerting mechanisms for critical security events.
    • Analyze logs to identify unusual patterns or behaviours that may indicate security threats.
    • Utilize advanced analytics and machine learning tools for enhanced threat detection.
    • Develop, refine, and optimize SIEM rules, filters, and correlation policies to improve detection capabilities and reduce false positives.
    • Regularly update threat intelligence feeds and indicators of compromise (IOCs) within monitoring tools.
    • Proactively search through log data to detect and isolate advanced persistent threats (APTs) that may not trigger standard alerts.
    • Provide log data and analysis for internal and external audits.
  3. Project Execution and Process Improvement:
    • Identify opportunities and constraints to enhance cybersecurity.
    • Support and improve cybersecurity posture through continuous evaluation and improvement of systems.
  4. Security in SDLC:
    • Incorporate security requirements in the software development lifecycle.
    • Collaborate with project managers, developers, and stakeholders to define security requirements during the planning and requirements-gathering phases.
    • Ensure that security controls align with business objectives and compliance requirements.
    • Conduct threat modelling sessions to identify potential security risks and vulnerabilities in the application design.
    • Analyze data flow diagrams to understand how data moves through the system and where it may be exposed.
    • Advocate for and implement secure design principles such as least privilege, defense in depth, and fail-safe defaults.
    • Utilize Static Application Security Testing (SAST) tools to analyze source code for security vulnerabilities before code compilation.
    • Employ Dynamic Application Security Testing (DAST) tools to test applications in runtime environments for vulnerabilities.
  5. Design and Architecture:
    • Participate in the design of IT services and platform architecture.
    • Ensure the inclusion of security requirements in architecture planning.
    • Work closely with cloud architects and engineering teams to design AWS architectures that incorporate security best practices.
    • Ensure that security is a foundational component of all architectural designs.
    • Implement the AWS Well-Architected Framework, focusing on the Security Pillar to create secure, high-performing, resilient, and efficient infrastructure.
    • Regularly review architectures to identify and remediate security risks.
    • Utilize AWS security services such as AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), Amazon GuardDuty, and AWS Security Hub.
    • Ensure these services are effectively integrated into the architecture to enhance security.
    • Virus and malicious code management.
  6. Security Testing:
    • Coordinate penetration testing, vulnerability scans, and red-teaming activities.
    • Oversee third-party security services such as SOC capabilities.
    • Coordinate and perform penetration testing to simulate real-world attacks and uncover security weaknesses.
    • Maintain an up-to-date inventory of all hardware, software, applications, and network devices, including cloud-based assets (e.g., AWS services).
    • Classify and prioritize assets based on their criticality and the sensitivity of the data they handle.
    • Perform regular vulnerability scans using industry-standard tools to detect security weaknesses across systems, applications, and networks.
    • Utilize continuous monitoring solutions to identify new vulnerabilities promptly.
    • Evaluate the potential impact and likelihood of exploitation for identified vulnerabilities.
    • Prioritize vulnerabilities based on severity, exploitability, and asset importance using frameworks like CVSS.
    • Collaborate with development teams to ensure timely resolution of vulnerabilities.
    • Develop actionable remediation plans in collaboration with IT and development teams.
    • Coordinate the timely deployment of patches, configuration changes, or code updates to address vulnerabilities.
    • Verify the effectiveness of remediation efforts through follow-up scans and testing. After vulnerabilities are fixed, regression testing will be conducted to ensure that fixes are adequate and no new issues have been introduced.
    • Oversee the patch management process to ensure security patches are applied promptly across all systems and applications.
    • Test patches in controlled environments before deployment to prevent adverse effects on operations.
    • Incorporate vulnerability assessments into the Software Development Lifecycle (SDLC) and Continuous Integration/Continuous Deployment (CI/CD) pipelines.
  7. Logical Access Control:
    • Oversee the lifecycle of user identities and access privileges.
    • Implement role-based access control (RBAC) and least privilege principles.
    • Utilize IAM solutions to manage access across on-premises and cloud environments.
    • Deploy strong authentication methods, including MFA.
    • Manage authentication services and protocols.
    • Implement and manage IAM tools, SSO solutions, and PAM systems.
    • Secure cloud resources using appropriate access control measures.
  8. Security Dashboards and KPIs:
    • Develop and maintain security metrics to track performance.
  9. Security Incident Management:
    • Develop, maintain, and execute comprehensive incident response plans.
    • Lead the incident response team during security incidents, ensuring efficient coordination and communication.
    • Analyze security events to confirm incidents and assess their impact.
    • Implement strategies to contain incidents and minimize damage.
    • Lead efforts to eliminate threats and restore systems to normal operation.
    • Verify the integrity and security of systems post-recovery.
    • Document all incidents thoroughly, including actions taken and lessons learned.
    • Update incident response plans and security controls based on post-incident analyses.
  10. Security Awareness and Coaching:
    • Provide guidance and coaching to staff on security best practices.
    • Ensure compliance with security policies.


Skills and Knowledge Required

Technical Skills - Prevention:

  • Network Security: Proficient in managing firewalls, VPNs, and DDoS protection.
  • Endpoint Security: Expertise in antivirus, EDR solutions, and device hardening.
  • Access Control: Mastery of IAM, MFA, and RBAC.
  • Patch Management: Ability to manage patch deployment across systems.
  • Secure Coding: Knowledge of secure development practices and threat modeling.

Data Protection:

  • Encryption and key management systems (KMS).
  • Data loss prevention (DLP).

Technical Skills - Detection:

  • Security Monitoring: Skilled in using SIEM tools for real-time event monitoring.
  • Penetration Testing: Capable of leading and coordinating tests.
  • Vulnerability Management: Experienced in vulnerability scans and risk assessments.
  • Log Analysis: Ability to interpret logs and identify threats.
  • Threat Intelligence: Understanding how to leverage threat intelligence for improved security.

Technical Skills - Response:

  • Incident Response: Proficient in developing and executing incident response plans.
  • Forensics: Capable of conducting forensic analysis and evidence collection.
  • Malware Analysis: Skilled in malware analysis and threat mitigation.
  • Containment and Eradication: Ability to manage and neutralize threats.

Technical Skills - Recovery:

  • Disaster Recovery: Experience in disaster recovery and business continuity planning.
  • System Restoration: Expertise in system and data recovery post-incident.

Requirements:

  • Extensive experience in cybersecurity.
  • Strong analytical, problem-solving, and organizational skills.
  • Excellent communication and collaboration abilities.
  • Relevant certifications: CISSP, CISA, CISM, OSWE, CRISC, etc. (Nice to have).


What you can expect from our hiring process

Stage 1

45 min. video-call with a member of Tymit’s People team. Understand your career plan and what motivates you about Tymit.

Stage 2

60 min. video-call with Carlos (GRC Manager). Introduction to your future team to get a sense of Tymit’s culture.

Stage 3

60 min. video-call with two people from the wider team.

Technical discussion around a task to better understand your skills and give you a sneak peek of what it could be like working at Tymit.

Stage 4

🏁– Offer 📧


To meet our regulatory obligations as a licensed financial services company in the UK, Tymit needs to carry out background checks, including criminal and credit checks, on our new hires to help us safeguard our users. If you have any concerns regarding this process, please discuss this with our People Team.


Tymit is made up of people from various backgrounds, and you are welcome for who you are, no matter where you come from or what you look like. We seek to create a culture where everyone can belong because we believe that people do their best work when they show up every day as their authentic selves. So, bring us your personal experience, your perspectives, and your background.


We do not make hiring or employment decisions based on race, religion, age, national origin, gender, gender identity or expression, sexual orientation, marital status, disability, pregnancy status, or any other difference. If you have any disability, please let us know whether there are any adjustments we can make for our process to be more inclusive.

 

About Tymit

  • Fintech

  • London, UK

  • 11-50

  • 2017
