···
Log in / Register

ES- System & Security Analyst

Indeed
Full-time
Onsite
No experience limit
No degree limit
Calle de Diego de León, 34, Salamanca, 28006 Madrid, Spain
Favourites
Share
Some content was automatically translatedView Original

Description

Job Summary: We are seeking a Systems and Security Analyst with experience in operational resilience, vulnerability management, and development security for regulated environments. Key Highlights: 1. Operational resilience and DORA/GDPR compliance experience 2. Secure SDLC and OWASP expertise 3. 100% remote work model **Company Description** **Devoteam is a leading European consultancy focused on digital strategy, technology platforms, cybersecurity, and business transformation through technology.** We address our clients' strategic challenges across six core specializations: Digital Business \& Products, Data\-driven Intelligence, Distributed Cloud, Business Automation, Cybersecurity, and Sustainability achieved through Digitalization. Technology is in our DNA, and we believe in it as a lever capable of driving change for improvement, while maintaining a balance that enables us to offer our clients top\-tier technological tools — always combined with the proximity and professionalism of a team acting as a guide throughout the journey. Our **25 years of experience** make us an innovative, established, and mature consultancy, enabling the development of our **8\.500 professionals**, continuously certifying our consultants in the latest technologies and counting on experts in: Cloud, BI, Data Analytics, Business Process Excellence, Customer Relationship Management, Cybersecurity, Digital Marketing, Machine Learning, Software Engineering and Development. Devoteam has been awarded Partner of the Year 2021 by the five leading cloud providers: **AWS,** **Google Cloud, Microsoft, Salesforce and ServiceNow.** \#CreativeTechForBetterChange **Job Description** We are looking for a System \& Security Analyst profile with the following experience: * Experience in **operational resilience** and regulatory compliance requirements such as **DORA** and **GDPR** within financial or regulated environments. * Experience in **vulnerability management** and using static application security testing (SAST) across the development lifecycle, with explicit reference to **GitHub SAST / GitHub Advanced Security**. * Experience in **Secure SDLC** and applying **OWASP** guidelines for secure development on **.NET Core** technologies. * Experience in **secret management** and secure credential handling in CI/CD pipelines, using corporate tools and referencing **Terraform** and cloud-based secret services. * Experience in **auditing and continuous improvement**, maintaining process documentation and activity logs available for internal or external audits. * Experience in **initial technical and transition risk assessment**, including AS\-IS diagnosis, transition risk matrix, and knowledge gap analysis. * Knowledge of **AWS cloud environments**, including their security, resilience, and governance implications — covering services such as **EC2**, **S3**, **RDS**, and controlled deployments using **Terraform**. * Knowledge of approved containerized **Windows Server 2019** and **Linux** operating systems, plus foundational software such as **IIS 10**, **.NET Framework / .NET Core**. * Familiarity with client corporate tools such as **JIRA Service Management**, **JIRA Software**, **Confluence**, **Xray**, as well as observability and monitoring tools like **Nagios**, **Control\-M**, **Grafana**, and **Splunk**. * Knowledge of **service continuity**, **DRP drills**, validation of **RTO/RPO**, and operational resilience reporting. **Skills** * Analytical and risk assessment capabilities, especially during transition phases, initial technical audits, and security exposure control. * Compliance and governance orientation, ensuring alignment with operational controls, corporate security policies, and client standards. * Operational resilience mindset, integrating security, continuity, recovery, and back\-office service stability. * Documentation and traceability skills, generating evidence, technical reports, risk matrices, and architecture/process documentation. * Cross\-functional technical communication, engaging with development, operations, security, architecture teams, and international Group stakeholders. * DevSecOps mindset, embedding security throughout the development lifecycle rather than treating it as an isolated activity at the end of the process. **Desirable** * Experience in the **financial sector**, banking, or environments with high regulatory and operational continuity demands. * Experience in **service transitions**, including access control, initial technical audit, shadowing / reverse shadowing, and operational knowledge validation. * Knowledge of **AWS** from a security, resilience, and cloud governance perspective under corporate standards. * Experience with security and compliance frameworks, including **ISO 27001**, **DORA**, **GDPR**, and environment segregation controls. * Strong **technical English**, particularly for international coordination, technical documentation, and participation in global architecture and security forums. Work mode is **100% remote**. **Requirements** * Experience in **asset security and access control** within critical environments, applying the **Least Privilege** principle and nominal production access control. * Experience in **operational resilience** and regulatory compliance requirements such as **DORA** and **GDPR** within financial or regulated environments. * Experience in **vulnerability management** and using static application security testing (SAST) across the development lifecycle, with explicit reference to **GitHub SAST / GitHub Advanced Security**. * Experience in **Secure SDLC** and applying **OWASP** guidelines for secure development on **.NET Core** technologies. * Experience in **secret management** and secure credential handling in CI/CD pipelines, using corporate tools and referencing **Terraform** and cloud-based secret services. * Experience in **auditing and continuous improvement**, maintaining process documentation and activity logs available for internal or external audits. * Experience in **initial technical and transition risk assessment**, including AS\-IS diagnosis, transition risk matrix, and knowledge gap analysis. * Knowledge of **AWS cloud environments**, including their security, resilience, and governance implications — covering services such as **EC2**, **S3**, **RDS**, and controlled deployments using **Terraform**. * Knowledge of approved containerized **Windows Server 2019** and **Linux** operating systems, plus foundational software such as **IIS 10**, **.NET Framework / .NET Core**. * Familiarity with client corporate tools such as **JIRA Service Management**, **JIRA Software**, **Confluence**, **Xray**, as well as observability and monitoring tools like **Nagios**, **Control\-M**, **Grafana**, and **Splunk**. * Knowledge of **service continuity**, **DRP drills**, validation of **RTO/RPO**, and operational resilience reporting.

Source:  indeed View original post
David Muñoz
Indeed · HR

Company

Indeed
Cookie
Cookie Settings
Our Apps
Download
Download on the
APP Store
Download
Get it on
Google Play
© 2025 Servanan International Pte. Ltd.