We are looking for a **Platform Security Engineer** to join our Platform team and own the technical security of our live infrastructure end-to-end. You will set the hardening baseline, lead vulnerability and penetration testing, drive disaster recovery readiness, and translate regulatory requirements into technical controls that hold up under audit. This is a hands-on, high-ownership role with direct impact on how securely we operate and grow.

**Key Responsibilities**:

- Define and maintain security hardening baselines for Azure tenants, codify security guardrails for the Avarda Azure tenant including: landing zones, secure-by-design patterns, networks segmentation, security policy. Vulnerability scan for public products domains.
- Define and maintain on-prem security hardening baselines: Server hardening, network segmentation and integration with Azure, identity security baselines, and produce compliance reports.
- Lead pen/penetration testing technically: scope tests, triage findings, drive remediation, and report on progress.
- Own the vulnerability management end-to-end: tooling, integration, prioritization, remediation tracking, reporting.
- Own response to security alerts and incidents raised by supplier (like TRUESEC, BaffinBay), Microsoft Defender, and other detection sources — triage, lead remediation across infrastructure, and close the loop with the SOC and CISO function. Collaborate with supplier to evaluate and improve monitoring, alerting, and protection capabilities across security platforms.
- Own the continuous security improvement backlog for our infra. — drive Azure Secure Score uplift, drive on-prem infra. Security improvement.
- Drive Disaster Recovery technical readiness: draft, test, and maintain DR plans alongside system owners and CISO function.
- Drive DevSecOps initiatives across CI/CD and software supply chain security, including security scanning, dependency/vulnerability detection, secrets management, and pipeline hardening.



Serve as a security partner for developers and promote secure engineering practices.
- Compliance technical execution at infrastructure level: ISO 27001 / NIST CSF mapping, technical evidence and responses for internal and external audits.
- Technical risk assessments for new infrastructure tooling, significant architectural changes, and vendor onboarding that touches infrastructure.

**Qualifications and Experience**:

- 5+ years in infrastructure security, platform security engineering, or security architecture roles spanning both cloud and on-prem environments.
- Deep, current Azure security expertise — Defender for Cloud, Microsoft Sentinel, Azure Policy, Entra ID, PIM, etc.
- On-prem infrastructure security: Server hardening, network segmentation, certificate management.
- Vulnerability management at scale: tooling, prioritization frameworks, working with system owners to close findings.
- Penetration test coordination: scoping, technical triage, remediation tracking. Hands-on with continuous testing platforms (Pentera or similar) appreciated.
- Disaster recovery: drafting plans, running tests, working with system owners.
- Compliance fluency: hands-on experience mapping ISO 27001 or NIST controls to technical infrastructure implementations and supporting external audits.
- DevSecOps fluency: shift-left scanning, secrets management, policy as code.
- Threat modelling at architecture level (STRIDE or equivalent, applied in practice).
- Comfortable communicating with engineers, risk and compliance teams, and external auditors.
- Builds rather than gatekeeps — ships secure tooling other engineers want to use, rather than policy documents they ignore.
- Comfortable with multiple stakeholders.
- Pragmatic over perfect — accepts that security wins by being adopted, not by being theoretically idóneo.
- English — professional working proficiency in writing and speaking (required).
- Bachelor's degree in Computer Science, Software Engineering, or a related technical field.

📌 Platform Security Engineer (Málaga)
🏢 Avarda Group
📍 Málaga