Vulnerability Management Security Engineer

Barcelona Headquarters, Spain

Adevinta

Adevinta is a leading online classifieds group, operating our digital marketplaces across Europe and beyond.

View all jobs at Adevinta

Apply now Apply later

We’re Adevinta, a global leader in digital marketplaces. Our household name brands, including Marktplaats in the Netherlands, mobile.de in Germany and leboncoin in France, reach hundreds of millions of people every month. 

We’re all about matchmaking, and our sites help people find whatever they’re looking for in their local communities – whether it’s a car, an apartment, a sofa or a new job. Every connection made or item found makes a difference by creating a world where people share more and waste less. 

Our brands are supported by global Tech Hubs in Barcelona, Amsterdam, Paris and Berlin. Their goal is to develop common global products and innovation platforms which all of our brands can use. This means using cutting edge technology to create highly scalable, customisable and secure products and components that free up development time and leverage our access to global data.

What you’ll do ​& Who you are

As a Vulnerability Management Engineer, you will be a vital part of Adevinta's Information Security team. You'll manage proactive security programs, conduct in-depth technical assessments, and lead strategic security planning sessions. Your responsibilities will include driving automation initiatives for security processes, integrating advanced security tools, and leveraging threat intelligence to enhance our defensive capabilities.

You will be key in ensuring that Adevinta's security strategy covers industry-relevant security standards, leaving no gaps open to be exploited. The Vulnerability Management team is part of the Information Security department, where you'll collaborate closely with other services such as Secure Product Lifecycle, Incident Response and Governance. You may also be called on to interact with product development teams to help them secure their products.

What you will do:

  • You will own the vulnerability management lifecycle, including identifying vulnerabilities (via scanning, penetration testing, bug bounties, configuration reviews, etc.), analyzing risks, prioritizing remediation, and coordinating fixes.

  • You will drive DevSecOps practices by integrating and managing automated security tools (SAST, DAST, SCA, etc.) within CI/CD pipelines, interpreting results, and collaborating with Development and Operations teams to embed security throughout the development lifecycle.

  • You will define and automate security controls and best practices for containerized environments (Docker, Kubernetes) and cloud infrastructure (IaC security scanning, configuration management).

  • You will ensure our assets are properly reporting events to the SIEM, and support the definition of rules for generating alerts.

  • You will support the other Infosec teams as a subject-matter expert.

  • You will work in a hybrid environment (remote/on-site at Adevinta hubs in Barcelona or Amsterdam), with occasional EU travel required and will have the possibility of being on-call.

Who you are:

  • You combine a passionate, open, and hacker mindset with strong analytical, technical, and problem-solving with the ability to synthesise complex data into actionable insights.

  • You recognize the need for automation to handle problems at scale, and you have proven experience implementing security automation. (e.g., Python, Go, etc.)

  • You are proficient in securing cloud environments (preferably AWS) and containerized workloads (Docker, Kubernetes); experienced in integrating security into CI/CD pipelines (e.g., GitHub Actions, Jenkins) and Infrastructure as Code (e.g., Terraform).

  • You possess a deep and broad understanding of core cybersecurity principles, common attack vectors (e.g., OWASP Top 10), mitigation techniques, cryptography, standard frameworks, and security across network, protocol, system, and application layers..

  • You have in implementing DevSecOps practices, including integrating security tools (SAST, DAST, SCA) into pipelines and guiding development teams on secure coding and vulnerability remediation.

  • You are an effective communicator and collaborator who takes ownership of problems, builds relationships, influences others, and thrives in a multicultural environment.

  • You are fluent in English (spoken and written).

Nice to have:

  • Proficiency in threat modelling.

  • Notions of incident response.

  • Public or private presentations.

  • Open source contributor.

  • Participation in conferences and training.

  • Certifications.

  • Membership in bug bounty programs, CTF player or member of ethical hacking communities, recognition in the Hall of Fame, CVE mentions or vulnerability reporter.

6148523063484d364c79397a5a57

4e31636d6c306553316c59584e30

5a5849745a57646e4c6e4d7a4c57

56314c58646c633351744d533568

625746366232356864334d755932

39744c3256680a6333526c636c39

6c5a326375644746794c6d64360a


 

Benefits

Life at Adevinta comes with its perks! Our Adevintans enjoy the following benefits:

  • An attractive Base Salary 💸

  • Participation in our Short Term Incentive plan (annual bonus) 🏆

  • Work From Anywhere: Enjoy up to 20 days a year of working from anywhere! Maybe not from the moon🌛well why not! just make sure you have internet connection! 🌍

  • A 24/7 Employee Assistance Program for you and your family, because we care ❤️

  • Win together, lose together is one of our key behaviours. At Adevinta you will find a collaborative environment with an opportunity to explore your potential and grow 🌱

On top of these, we also provide a range of locally relevant benefits. Wanna know more? Apply and ask our recruiters! ✨

Adevinta is an equal opportunity employer and we value diversity. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status or disability status.

If you feel like you don’t meet all of the requirements for this role but are interested, please consider applying anyway. Research suggests that women and individuals from underrepresented groups may self-select out of opportunities if they don’t meet 100% of the job requirements. We strongly encourage people from historically excluded groups to apply and look forward to speaking with you.

Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  0  0  0

Tags: Automation AWS CI/CD Cloud Cryptography CTF DAST DevSecOps Docker Ethical hacking GitHub Governance Incident response Jenkins Kubernetes Open Source OWASP Pentesting Python SAST Security strategy SIEM Strategy Terraform Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: Career development Conferences Salary bonus Team events

Region: Europe
Country: Spain

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.