At Schwarz Global Services - Barcelona we offer high-value IT services for the entire Schwarz Group, which includes Lidl, Kaufland, Schwarz Produktion, PreZero, STACKIT and XMCyber. We are in the worldwide top 5 of retail companies, with 13.700 stores spread across 33 countries, more than 6 billion customers, and over 575.000 employees. We strive to develop and implement smart and efficient IT solutions to deliver the best experience to all users, customers and colleagues. We are looking for open-minded colleagues with a passion for technology, who are willing to find diverse and exciting career opportunities in a dynamic work environment that stands for development and progress.

Primary Mission

  • Working within the Information Security Team, reporting to the Domain Tech Lead and in alignment with the Chief Information Security Officer, you will be responsible for the end-to-end security of key digital products, and you will work closely with software engineering/development to achieve product and security objectives. You will design security controls and help validate that our services, applications, and emerging technologies are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and decisively taking action to mitigate emerging threats throughout a full Secure Software Development Life-Cycle (S-SDLC).

What You'll Do

  • Support and lead product development teams (shift left) as they develop new features by applying security within the Software Development Life Cycle (S-SDLC) through existing processes and technology, as well as proposing continuous improvement.
  • Ensure security is applied by design. Prepare and enforce standards and guidelines for application security.
  • Enhance secure coding practices.
  • Coordinate external penetration tests against the applications as and when necessary.
  • Assess security vulnerabilities (SAST, KICS, SCA, DAST, pentests, infrastructure, XMCyber, etc.) within our applications, and work with development teams to ensure remediation within our established SLAs, monitoring their resolution.
  • Collaborate with and accompany development teams in defining security architecture requirements (e.g., Kubernetes security, network security, etc.) and ensuring compliance with group policies and security best practices.
  • Align strategically with other Product Security Engineers and security areas to discuss and reach a common understanding of the security standards in the hub.
  • Educate product development teams on security best practices and guidelines, and strengthen the security culture.
  • Support compliance by acting as the main point of contact during internal or external audits, ensuring products comply with group policies and industry standards.

What You'll Need

  • Bachelor's (undergraduate) degree in a relevant field (Computer Science, Software Engineering, Security, or others) OR an equivalent combination of education, training, and experience.
  • 5+ years of work experience with any combination of at least 2 technical disciplines, including the following: cloud security (Azure K8s), network security, application security, security analyst, software development, coding, and ethical hacking.
  • Professional experience managing security assessments, including penetration testing.
  • Ability to influence dev teams within a secure software development life cycle for multiple products and technologies, meeting customer expectations in security.
  • Experience implementing security solutions that resolve security and business risk trade-offs.
  • An understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS, BGP).
  • Understanding of the main Information Security frameworks (NIST, OWASP, SANS).
  • An understanding of the basic concepts of cryptography, web service frameworks, mobile application architectures, and service architectures (such as event-driven, service-oriented, or serverless architectures).
  • Strong written and verbal communication skills (Spanish and English).
  • Experience working on a diverse development team.
  • Ability to communicate deep technical issues in terms of business risk with non-experts and senior leaders.
  • Strong bias for action balanced with a strong ability to dive deep into problems.
  • Strong ownership, leadership, and proactivity.

What We Offer

  • You will be part of an international team composed of people from different countries and backgrounds, where you’ll be able to share your experience and knowledge to carry out teamwork and meet the objectives.
  • You’ll have personal follow-up with your management team to help you understand all business-related questions and guide you in your professional career.
  • We offer a competitive compensation and benefits package: lunch vouchers, health and dental insurance, transport, wellbeing, etc.

Product Security Engineer (m/w/d)

IT - Security
