Full Time

Cybersecurity Expert (SOC & Cloud) / 1 week ago

Leadtech
Attractive
Application ends: 2026-02-08

Quick Summary

This is a full-time, permanent Cybersecurity Expert role, available fully remote or in Barcelona, focused on optimizing and potentially leading the Security Operations Center (SOC) in a cloud-first environment. Requirements include a Bachelor's or Master's degree, deep knowledge of security frameworks (ISO 27001, NIST, PCI-DSS), and mandatory expertise in Azure and AWS cloud security. The role demands proficiency with Microsoft Sentinel and Defender (KQL), GNU/Linux systems, and scripting (Python, Bash, SQL, Java, PHP), with a focus on advanced incident investigation, threat hunting, forensic analysis, and orchestrating CSIRT activities. The company offers a flexible schedule, 25 days of vacation plus your birthday off, and a 35-hour workweek in July and August.

Cybersecurity Expert (SOC & Cloud) - Remote or Barcelona

Leadtech, a global digital business innovator since 2009, is seeking a motivated Cybersecurity Expert to join our Security team. This role is vital for protecting our digital assets and optimizing our Security Operations Center (SOC). We specialize in delivering user-centric experiences across web and mobile platforms globally.

Your Mission: Key Cybersecurity Responsibilities

As a Cybersecurity Expert specializing in SOC and Cloud environments, you will operate, optimize, and potentially lead the Security Operations Center by focusing on:

Advanced Incident Investigation and Analysis

  • Handling complex threats, including potential APTs and ransomware.
  • Performing deep-dive forensics on compromised systems, analyzing malware, and reconstructing attack chains using packet captures and log data.
  • Cross-source correlation of fragmented data from SIEM, EDR (Endpoint Detection and Response), and NDR (Network Detection and Response) tools.

Proactive Threat Hunting and Detection Engineering

  • Proactively searching network and endpoint data for hidden, undetected threats.
  • Developing custom detection logic and SIEM correlation rules to identify new malicious behavior.
  • Refining alert systems to minimize false positives.

Incident Response and Containment

  • Orchestrating the Security Incident Response Team (CSIRT) to isolate compromised assets and mitigate damage.
  • Developing and updating security playbooks and automated workflows within SOAR platforms.
  • Ensuring forensic evidence preservation according to legal and chain-of-custody standards.

Strategy, Compliance, and Reporting

  • Analyzing vulnerability scan results and recommending remediation plans.
  • Generating reports on incidents, trends, and SOC performance for management.
  • Auditing systems for compliance (e.g., ISO 27001, PCI DSS, HIPAA).
  • Integrating external threat intelligence feeds to anticipate emerging threats.

Mentorship and Leadership

  • Providing guidance, mentoring, and training to Tier 1 and Tier 2 analysts on complex investigations.
  • Performing quality assurance via ticket reviews to ensure high-quality documentation and adherence to SLAs.

Required Skills and Experience

We seek a highly technical, hands-on cybersecurity professional who thrives in a dynamic, cloud-first environment.

Must-Have Technical Expertise:

  • Bachelor's or Master's degree in Cybersecurity, Information Security, Computer Science, or a similar discipline.
  • Deep knowledge of security frameworks such as ISO 27001, NIST, PCI-DSS, OWASP, and GDPR.
  • Expertise in cloud computing, application security, cryptography, forensics, and vulnerability detection, with Azure & AWS experience being mandatory.
  • Deep knowledge of cybersecurity concepts including GNU/Linux systems, TCP/IP, DNS, and firewalls.
  • Proficiency with Microsoft Sentinel and Defender, including writing KQL queries.
  • Experience with Microsoft Azure components (Network Security Groups, Recovery Services Vaults, Playbooks and Workbooks).
  • Proficiency in scripting and programming languages: Python, Bash, SQL, Java, and PHP.
  • Understanding and ability to perform penetration testing on applications and identify attack vectors.
  • Ability to evaluate, track, and manage information security threats and vulnerabilities.

Valuable Skills (Plus Points):

  • Familiarity with Datadog.
  • Familiarity with vulnerability scanning tools such as SonarQube, AWS Inspector, Qualys, or Nessus.
  • Relevant certifications (CompTIA Security+, Microsoft Defender Certificate, Microsoft Sentinel Certificate, CISSP, CEH).
  • Familiarity with attack and exploitation techniques (CISSP, CompTIA, CEH).

Soft Skills:

  • Strong analytical and problem-solving capabilities.
  • Effective communication skills for cross-functional collaboration.
  • Ability to report and create KPIs for the Security Department.
  • Familiarity with ticketing tools such as Jira.
  • Commitment to staying current on the latest cybersecurity trends and technologies.

Benefits and Work-Life Balance

Leadtech offers a competitive salary, a full-time permanent contract, and a commitment to employee growth.

  • Growth & Development: Flexible career path, personalized internal training, and an annual budget for external learning.
  • Flexibility: Flexible schedule (flextime), full remote work option, or work from our Barcelona office.
  • Time Off: 25 days of vacation plus your birthday off, with flexible vacation options (no blackout days). Enjoy free Friday afternoons (7-hour workday) and a 35-hour workweek in July and August.
  • Comprehensive Benefits: Top-tier private health insurance (including dental and psychological services), ticket restaurant, and nursery vouchers.

Location

You have the flexibility to choose between working fully remote or from our exceptional office located in Barcelona's Blue Building, right on the city's seafront. The Barcelona office includes perks like free coffee, fresh fruit, snacks, a game room, and a rooftop terrace.

Leadtech

  • Address
    Remote