Browse
···
Log in / Register
Job Summary: We are seeking a security expert with consulting and management experience, capable of assessing, analyzing, and managing security risks within the client's SDLC, while collaborating with technical and legal teams. Key Highlights: 1. Combined expertise spanning technical foundations and security consulting/management roles 2. Proficiency in risk management and Application Security 3. Participation in innovative projects and adoption of cutting-edge technologies We are **One Team.** We **make it happen.** We are **Unstoppable.** BABEL is a multinational technology consultancy specializing in applying its services and technological expertise to accelerate the digital transformation of its clients — large enterprises and public sector organizations. **What is our strategic plan?** We look toward the future! Our **Hiperespacio 2029 strategic plan** promises an exciting journey, **full of opportunities** for professional growth and development. Achieving **€1 billion** in revenue is a challenge we are confident we will meet through the **collaboration** and **talent** of our people — another success story we will write together. **What are we looking for?** **Requirements:** * Minimum 5 years of experience in security, with a background combining technical foundations (development, architecture, or technical security) and security consulting/management roles. * Demonstrable experience as a Security Architect, DevSecOps Architect, embedded security consultant within development teams, or senior Security Champion. * Expertise in risk management methodologies (e.g., ISO 27005, NIST, or equivalent) and ability to defend risk assessment criteria against challenging teams. * Solid knowledge of Application Security: OWASP Top 10 for Web and API, Secure by Design, and secure SDLC practices. * Conceptual understanding of AWS cloud architecture (EC2, containers, Lambda, API Gateway, WAF, VPC, IAM) at the design evaluation level. * Knowledge of common vulnerabilities (e.g., SQLi, XSS, SSRF, IDOR, deserialization…) and ability to explain them and propose conceptual remediation strategies. * Experience evaluating SaaS solutions and managing third-party risk (e.g., ISO certifications, PCI, supply chain). * Experience working with development teams in agile environments. * Strong oral and written communication skills, with adaptability to both technical and non-technical audiences. * Professional-level English (B2\+). * Availability for hybrid work mode — 3 days/week onsite in Madrid (La Muñoza). Fully remote work is not available. **Preferred Qualifications:** * Certifications: CSSLP, CISSP, CCSP, AWS Security Specialty, GIAC (GWEB/GCSA), ISO 27001 Lead Auditor/Implementer. * Experience in aviation, transportation, or critical infrastructure sectors. * Knowledge of DORA, NIS2, PCI\-DSS, and GDPR applied to architecture. * Familiarity with AppSec tools (SAST/DAST/SCA): Checkmarx, Fortify, Snyk, Burp, ZAP, etc. (at the decision-making level, not operational). * Knowledge of Salesforce or other enterprise SaaS platforms. * Support in DPIA processes and identification of sensitive data / PII. **Key Responsibilities:** * Security evaluation of changes, projects, and initiatives within the client’s SDLC (using predefined frameworks and methodologies). * Risk analysis and management per initiative: threat identification, probability and impact assessment, and control recommendations. * Review of solution designs: AWS cloud architectures, third-party integrations, and turnkey SaaS solutions. * Evaluation of vendors and third parties: certification analysis, supply chain risk assessment, and support to the DPO in DPIA processes. * Planning of pentest objectives in coordination with the client’s vulnerability management team. * Advisory support to product and development teams on vulnerability remediation: explanation of issues, root cause analysis, and conceptual solution proposals. * Early-cycle involvement (e.g., Sprint 0, analysis and design phases) to ensure security shift\-left. * Cross-functional coordination with solution architects, cloud engineering, legal team, DPO, and business units. **What do we offer?** **Babel, the great way to achieve the success.** Do you want to join an expanding, committed, and innovative team that makes history every day? At Babel, we accompany you on your path to success. We believe in people’s talent and aim to empower it by offering an outstanding work environment rooted in collaboration and solidarity. Working at Babel is much more than working for a company — it means joining a team united by a shared mission and a values-driven corporate model. Moreover, * We champion work\-life flexibility. (Points-based vacation system, telework, and schedule flexibility). * We invest in the training of our *Babelievers*. * We invest in your physical and emotional well-being. (Private Health Insurance / Life Insurance, personal trainer, and wellbeing program). * We also invest in your leisure time (nature activities, sports tournaments, streaming platform subscription (e.g., Netflix)). * You participate in the company’s growth and are recognized for your contribution (Benefits Bonus). * We focus on working with cutting-edge technologies and innovative projects — but above all, we support digital transformation and bring technology closer to society. **Are you ready to take on the challenge? We’re waiting for you!** *In compliance with current data protection regulations, we inform you that the controller of your personal data is GRUPO BABEL (see companies listed in the privacy policy), and your data will be used to manage your current and future recruitment processes, as well as for other purposes described on our website. This processing is based on the candidate’s consent. Personal data collected will not be transferred to third parties unless required by explicit legal obligations. You may exercise your data protection rights by contacting* *data.protection@babelgroup.com**. Full privacy policy information is available on our website.*
