Senior Security Engineer – Vulnerability Management | Barcelona

Since 2011, SQUAD Group has been a key player in the cybersecurity landscape. We partner with leading organizations to protect their information systems through a comprehensive 360° offering of consulting, integration, expertise, and managed services

Our mission: Securing Together!

We believe in a collaborative approach to cybersecurity, where experts and clients work hand-in-hand to anticipate threats and protect critical infrastructure.

As part of our growing team, we’re seeking a Senior Security Engineer specialising in Vulnerability Manage ment. Based in Barcelona, this role will put you at the heart of a high-impact security engineering function, building and operating the systems that keep complex, large-scale environments continuously protected.

Your Role

You are a hands-on security engineer and technical leader. A Senior Engineer focused on vulnerability management architecture, automation, and remediation pipelines. Working across scanning platforms, CI/CD integrations, cloud environments, and detection tooling, you’ll design, build, and operate the systems that surface risk and drive it to resolution at scale.

Your Responsibilites

• Design and operate end-to-end vulnerability management systems: asset inventories, ingestion pipelines, triage workflows, and remediation tracking.
• Build complex automation and integrations across the vulnerability ecosystem, APIs, service-account patterns, canonical data schemas, and CI/CD pipelines.
• Conduct internal penetration tests and technical assessments to validate controls and drive root-cause remediations.
• Lead threat modelling, countermeasure validation, and technical reviews for high-impact vulnerabilities.
• Author and maintain runbooks, SLAs, and observability dashboards for operational reliability.
• Mentor and coach engineers through design reviews, code reviews, and shared platform patterns.
• Evaluate vendors and tooling: define criteria, run proof-of-concepts, and deliver technical procurement recommendations.
• Act as a technical partner to Cloud, Incident Response, and product engineering teams.

What You Bring

• 4–6 years of experience in security engineering, vulnerability management, or closely related infrastructure security roles.
• Deep knowledge of vulnerability scanning workflows, CVSS/risk scoring, and remediation pipeline design.
• Strong hands-on skills in automation and secure integration: Python, APIs, CI/CD orchestration, and cloud IAM patterns.
• Solid understanding of cloud security across major public cloud environments (AWS, GCP, or Azure).
• Familiarity with threat modelling methodologies and penetration testing techniques.
• Experience driving technical alignment across multiple teams without direct authority.

Preferred Cert ifications: OSCP, GIAC GPEN / GWAPT, AWS Security Specialty, CISM, or equivalent hands-on security engineering credentials

Why Join Squad?

Personalized Growth: We help you build a training and certification plan aligned with your professional goals through our SquadExeperience

• Expertise Development: Participate in internal events like our MixYourTalent webinars and monthly CTF sessions .
• Visibility: Attend major industry conferences and contribute to our #TheExpert technical b log
• Culture: Enjoy a dynamic and close-knit environment with after-work events and team gatherings that foster great camaraderie.