[Hiring] Director, Security Engineering @Auctane

Role Description

Reporting directly to the Chief Information Security Officer (CISO), the Director of Security Engineering holds a critical leadership position within the Information Security Group, with a specific mandate to fortify Auctane's global engineering and operational capabilities. This role necessitates the leadership and oversight of multiple security programs spanning the engineering and operations teams.

The successful candidate will be instrumental in defining and developing the technology and processes governing cybersecurity practices to secure Auctane's global infrastructure. The role will specifically concentrate on securing the Enterprise and Cloud Infrastructures, alongside managing security architecture, engineering, and operations responsibilities. This critical role requires a successful candidate to define and lead the technology and processes that define Auctane's global cybersecurity practices. The primary focus of this position is to secure the Enterprise and Cloud Infrastructures while also managing core security operations.

The Infosec group operates as part of the broader R&D Tech function, which utilizes modern architectural patterns and technologies, including AI, at scale and pace. This remote role, based in Spain, requires the successful candidate to work during hours that overlap with the US-based organization.

• Travel Requirements: Up to 10% travel required.

About the team

We have a flat and open engineering culture where diverse opinions and perspectives are valued, data and evidence beats opinion and hierarchy, backed by honest and frank discussions. We passionately believe in forming autonomous, cross functional teams who are empowered to deliver our ambitious strategy.

• Engineering culture characterized by its flat and open structure.
• Diverse opinions and perspectives are highly valued.
• Decisions driven by data and evidence, superseding opinion and hierarchy.
• Candid and transparent discussions are encouraged.
• Strong advocates for the formation of autonomous, cross-functional teams.

What will you be doing?

• Develop and implement a comprehensive security engineering roadmap, ensuring alignment with business objectives and risk appetite.
• Oversee the design, review, and implementation of security architecture across network, infrastructure, and cloud environments.
• Hire, mentor, and manage a high-performing team of security architects and engineers, fostering a culture of excellence and accountability.
• Identify security gaps and the necessity of security tools, while leading the requirements, evaluation and adoption of security tools to build automation and efficiency.
• Conduct threat modeling and vulnerability management to prioritize security investments and address potential breaches.
• Collaborate with IT, Product, Engineering, Legal, and Compliance teams to promote “Secure by Design” practices across the organization.
• Building relationships with all staff to promote “Security by Design” throughout the Engineering Teams and wider business.

Qualifications

• Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related technical field.
• 12+ years of progressive experience in cybersecurity, with at least 3-5 years in a leadership capacity.
• Experience leading large scale cyber security implementations.
• Expert level experience in multiple security domains within the Enterprise and Cloud Infrastructures.
• Advanced level experience leading large scale cross-functional programs.
• Experience leading senior staff, influencing and collaborating with external team members.
• Able to balance the demands of delivering high quality and demanding timescales.
• Relevant industry certifications (e.g. CISSP, CISM, CRISC, AWS Security, GCP Security).

What will make you stand out?

• Expert-level knowledge of AWS, Azure, and/or GCP security.
• Expertise in vulnerability and risk management across public cloud and enterprise environments.
• Expertise in leading advanced threats detection and prevention programs in a cross-functional environment.
• Expertise in developing security patterns with architectural recommendations.
• Advanced experience in software development practices, automation with basic knowledge of AI.

The tech stack

• AWS, GCP, SaaS, and Enterprise Artificial Intelligence Solutions (Gemini, Claude, internal).
• CNAPP, DSPM, and Cloud Security Solutions Application Security Technologies (DAST, SAST, SCA, ASM).
• Email Security Technologies.
• SIEM Solutions and Detection Technologies.
• Google Workspace.
• Vulnerability Management Solutions.
• Application Security.
• Python, PowerShell, Bash.

Benefits

• Clear and transparent compensation plan. The salary range goes from 95,000€ to 104,000€ gross per year + Bonus.
• Flexible salary benefits to save on personal income tax.
• Private health insurance free for all employees via Cigna, plus we cover 50% for your family members.
• Generous time off: 26 days of holiday per year (23 base days + your birthday off, Christmas Eve, and New Year’s Eve).
• Your gear, your choice: Mac or Windows, or need an extra screen.
• Annual Salary Review to recognize professional growth.
• Up to €800/year in training (certifications, conferences, workshops).
• Access to internal and external training, including platforms like LinkedIn Learning.
• Holistic wellness program including access to Wellhub, Curalinc, and regular health webinars & challenges.
• One day off a year to volunteer.
• Free therapy vouchers.
• Health & wellness support up to €55/month for gym or fitness classes.
• Weekly language classes in small groups with expert instructors.
• 8 hours per year for personal medical appointments and 10 hours per year for family’s medical needs.
• Flexible work-life balance.
• Inclusive, upbeat culture celebrating diversity.
• A global, multicultural team with 20+ nationalities.
• Packlink Pro discount for personal shipments.
• Referral bonuses for candidates referred.
• Central Madrid office with free snacks and drinks.
• Regular team-building activities and meetups.