Vulnerability Management Security Engineer

As a Vulnerability Management Engineer, you will be a vital part of Adevinta's Information Security team. You'll manage proactive security programs, conduct in-depth technical assessments, and lead strategic security planning sessions. Your responsibilities will include driving automation initiatives for security processes, integrating advanced security tools, and leveraging threat intelligence to enhance our defensive capabilities.

You will be key in ensuring that Adevinta's security strategy covers industry-relevant security standards, leaving no gaps open to be exploited. The Vulnerability Management team is part of the Information Security department, where you'll collaborate closely with other services such as Secure Product Lifecycle, Incident Response and Governance. You may also be called on to interact with product development teams to help them secure their products.

• You will conduct and manage bug bounty programs, perform and manage penetration testing, and lead threat modelling sessions

• You will automate internal flows for security data aggregation.

• You will integrate security tools by automated means.

• You will automate the handling of threat intelligence and environment data in order to enhance security controls.

• You will ensure our assets are properly reporting events to the SIEM, and support the definition of rules for generating alerts.

• You will support the other Infosec teams as a subject‑matter expert.

• You will work in a hybrid remote/on‑site environment, with the team physically spread across different geolocations (Adevinta’s hubs: Barcelona & Amsterdam).

• You may be required to travel occasionally, mainly inside the EU, to our main hubs.

• You will have the possibility of being on‑call.

• You have a hacker mindset, an open mindset, with technical skills and a passion for security.

• You have strong analytical and problem‑solving skills, with the ability to synthesise complex data into actionable insights.

• You recognize the need for automation to handle problems at scale, and you can implement that automation.

• You are proficient in cloud operations, particularly in AWS but ideally also in GCP.

• You have excellent fundamental knowledge of network, protocol, system and application security, as well as of the industry‑standard strategies and frameworks that apply.

• You have software development skills and database knowledge.

• You have excellent communication and interpersonal skills, with the ability to build relationships and influence others.

• You deal with problems by taking ownership and by collaborating with others.

• You are fluent in English (spoken and written).

• You are comfortable in a multicultural environment.

• Proficiency in threat modelling.

• Proficiency on Secure Development Lifecycle principles.

• Experience with cloud security services like AWS Guard Rails, SCPs, Security Groups, IAM, WAF.

• Notions of incident response.

• Public or private presentations.

• Open source contributor.

• Participation in conferences and training.

• Certifications.

• Membership in bug bounty programs, CTF player or member of ethical hacking communities, recognition in the Hall of Fame, CVE mentions or vulnerability reporter.