Cyber Security Engineer

Barcelona, Barcelona, Spain

Full Time

Experienced

Smadex is a leading advertising technology company founded in Barcelona in 2010 and sold to American-based and stock-listed Entravision in 2018 (NYSE::EVC). We are one of the top mobile ad-tech companies in the world and the largest Demand Side Platform (DSP) based in Europe, with our revenues over +$100M and consistently growing +40% YoY over the past years. And with an incredible 100% growth last year.

We are looking for a proactive Cyber Security Engineer to join our team and safeguard the integrity of our high-traffic programmatic infrastructure. In this role, you will be the guardian of our digital ecosystem, bridging the gap between cutting-edge security engineering and agile DevOps practices.

The Role

Architect and deploy scalable, cloud-native security protocols (e.g., WAF, Security Groups, GuardDuty, CSPM) to safeguard our high-traffic, API driven infrastructure.
Design and maintain automated threat detection rules and response mechanisms for our cloud and container environments.
Manage continuous vulnerability assessments programs and coordinate third-party penetration testing to identify and remediate risks within our cloud-native and Linux environments.
Secure our software supply chain and third-party dependencies, with a strong focus on SDK security and data partner integrations critical to ad-tech.
Partner with engineering and DevOps teams to integrate secure system design, threat modeling and robust API security into the product lifecycle.
Lead incident response efforts and forensic investigations to mitigate the impact of security breaches and prevent future occurrences.
Ensure data privacy is a core component of our product architecture and data processing workflows, maintaining strict adherence to GDPR requirements.
Develop and maintain comprehensive security documentation, including policies, standards, and incident handling procedures.
Drive a "security-first" culture by creating awareness training, providing technical guidance to cross-functional teams, and offering a security perspective on ad fraud and invalid traffic (IVT).

Requirements

Experience: 4–5+ years of professional experience in Cybersecurity / Security Engineering
Cloud & Systems: Proven expertise in securing cloud environments (AWS/GCP), Linux deployments, and containerized workloads.
API & Application Security: Deep understanding of API security principles and experience securing APIs in high-throughput environments.
Technical Tools: Hands-on proficiency with cloud-native security tools, SIEM platforms, and vulnerability scanners (e.g., Nessus, Qualys)..
Privacy & Compliance: Strong working knowledge of GDPR and its practical application in data-heavy, European-based environments.
Supply Chain Security: Experience managing vendor risk, third-party integrations, and dependency security.
Scripting: Strong ability to automate security workflows using Python, Bash, or similar languages.
Education: BA/BS degree in Computer Science, Information Security, or a related technical field.

Bonus points:

Ad-Tech Context: Familiarity with the programmatic advertising ecosystem (DSP, SSP, Ad Exchanges), SDK security, or invalid traffic (IVT) mitigation.
Advanced Principles: Deep understanding of threat modeling, and secure SDLC/DevSecOps practices.
Compliance Knowledge: Familiarity with planning or maintaining industry standards and certifications such as ISO 27001, NIST, SOC2 or CCPA.
Mindset: A pragmatic, problem-solving mindset-finding the right balance between rapid velocity and strict security standards.

Please note that we do NOT provide VISA sponsorship. Candidates without a legal permit to work in Spain won't be considered.

What is in it for you:

Integrate a highly motivated, young and dynamic team
Great compensation package
Top location at the heart of Barcelona with a rooftop terrace, Barbecue, and a fully stocked fridge
Great work-life balance: work from home (2 days per week), flexible hours
Meal vouchers - Ticket Restaurant monthly allowance
Monthly gym allowance: Choose between DiR and Wellhub
LinkedIn Learning and training opportunities
Monthly TGIF events
Regular team-building events
Fun and friendly work environment with talented marketers and engineers from over 40 countries
And more!

If you want to know more about us visit our website Smadex.com, and for a sneak peek of the cool stuff we build check this video out!

Apply for this position

Required*

First Name*

Last Name*

Email Address*

Phone*

Address*

Resume*

We've received your resume. Click here to update it.

Attach resume or Paste resume

Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

LinkedIn Profile URL:*

Desired salary*

Earliest start date?*

What type of legal work permit do you have to work in Spain?*

How many years of experience do you have?* < 3 years3 - 5 years5+ years

Hybrid model: Are you confortable working three days per week in our Barcelona office?*

What is your English level?*

Data Controller: SMADEX S.L. (''SMADEX''), ID B65322034, C/ Diputació 303 Primera Planta, 08009 Barcelona. Purpose: To manage your application within the framework of the recruitment processes carried out by Smadex. Legitimation: Application of pre- contractual measures to meet your job application. Recipients: In general, we do not disclose your data to third parties, except in the following cases: (i) those required by law; (ii) suppliers who provide us with certain services, who may have access to and/or process your personal data in their capacity as data processors. Duration: Regarding your application, we will retain the data for one (1) year from receipt and for as long as you do not express your refusal to the processing. At the end of this period, your data will be kept for the period of limitation of any possible legal liabilities of any kind. Your rights: Access, rectification, objection, erasure, restriction of processing, portability and the right not to be subject to decisions based solely on automated processing. You have the right to object at any time to the present processing of personal data, as well as to revoke the consent given. These rights may be exercised by sending a communication to the address of SMADEX, or via [email protected]. Likewise, you may, at any time, file a complaint with the Spanish Data Protection Agency (www.aepd.es). International transfers: In no case will your personal data be transferred to countries located outside the European Union for which there are no adequate guarantees. More information: You can find additional and detailed information on data protection in our Privacy Policy.
Please note, that in the event that you provide us with data of third parties, we remind you that you are solely responsible for having obtained their prior consent to communicate personal data to us in accordance with the purposes informed in each case, as well as for having informed them of the content of this informative clause.* I have read and accept the Privacy Policy.

Human Check*

Submit Application

Important Warning for Job Applicants: Beware of Scammers Impersonating Smadex

Cyber Security Engineer

Apply for this position