Crossmint
Senior DevSecOps Engineer (Spain)
Rol remoto de DevSecOps Engineering con fit claro de ubicación del candidato.
Publicado4 jul 2026
Países elegibles2 países aceptados
Señal de senioritySenior
Modelo de trabajoRemoto
Ubicaciones aceptadas para candidatos
EspañaEstados Unidos
Resumen del rol
Senior DevSecOps Engineer (Spain)
Requisitos y responsabilidades
Contenido del rol extraído en secciones para revisar más rápido.
Base salary range: 85,000 - 110,000 EUR
- Stock options are part of every full-time offer, granted on top of the base salary range above. We want everyone here to be a genuine stakeholder in what we're building.
- We conduct two performance reviews annually. The first addresses performance ratings, bonuses, and promotions. The second encompasses these elements along with salary adjustments reflecting inflation and market conditions.
Cloud and Infrastructure Security
- Own security across our AWS environments (primary), with additional exposure to GCP and Vercel: IAM, Security Hub, CloudTrail, GuardDuty, KMS, and related controls.
- Design, maintain, and monitor security controls across cloud infrastructure: logging pipelines, alerting thresholds, key management, and privileged access workflows.
- Manage security-relevant access controls across cloud environments and internal systems, including service accounts, credential rotation, and periodic access reviews.
- Provide security input to IT & Infrastructure on network segmentation, endpoint security baselines, and cross-system access policies, without owning those systems yourself.
Application and Developer Security
- Secure our CI/CD pipelines and GitHub Actions environments: secrets management, supply chain risk, and dependency vulnerability workflows.
- Perform secure code reviews and provide hands-on application security support to engineering teams.
- Review authentication flows, payment logic, and API security with human judgment, not just automated scanners.
- Partner with engineers to remediate vulnerabilities and embed security practices into the development lifecycle.
Vulnerability and Incident Management
- Own vulnerability management end-to-end: identification, prioritization, remediation tracking, and verification.
- Coordinate our external security review program with third-party audit and penetration testing firms.
- Support incident response through internal triage and investigation, working alongside our external 24/7 response partners.
Compliance and Audit Support
- Support SOC 2 and other compliance efforts by collecting evidence, documenting controls, and maintaining audit-ready processes for engineering and security-related controls.
- Contribute to DORA compliance initiatives where applicable.
- Maintain clear, auditable documentation of security processes to support audit cycles and long-term knowledge transfer.
Must Haves
- 4–8 years of experience as a security engineer, with a clear security-first background rather than a generalist infrastructure background.
- 3+ years of hands-on experience securing AWS environments: IAM, Security Hub, CloudTrail, GuardDuty, and KMS.
- Strong practical knowledge of CI/CD security: GitHub Actions, secrets scanning, and dependency management.
- Experience with secure code review or core application security concepts (OWASP, auth flows, API security).
- Experience working within at least one compliance framework, SOC 2 preferred, with ISO 27001 or similar acceptable.
- Fluent communicator across technical teams — you can work productively with developers and IT engineers without needing to own their domains.
- Self-directed and organized. You track your own work and do not drop threads.
- Experience using AI-assisted tools such as Claude or GitHub Copilot for security automation or research.
- Ability to work flexible hours if an incident arises.
Nice to Haves
- Experience at a fintech, payments, or crypto company.
- Familiarity with DORA or MiCA compliance requirements.
- Exposure to blockchain or crypto-specific security considerations.
- Prior experience where security work regularly intersected with IT or infrastructure teams.
How to Succeed
- Take a security issue from identification through remediation with minimal guidance.
- Prioritize based on risk and impact, not on who is asking the loudest.
- Contribute meaningfully to Engineering and IT conversations without needing to own those functions.
- Document clearly enough that an auditor or a teammate can follow the trail six months later.
- Push back when something is insecure, and offer a practical alternative.
- Know when to escalate versus handle independently.
Benefits
- Extensive access to leading AI tools and subscriptions, with AI actively encouraged and integrated into daily workflows.
- Unlimited Paid Time Off.
- Parental Leave program.
- Company laptop and allowance for any necessary home equipment.
- Daily stipend for in-office meals and/or commuting to the office.
- Three company-paid off-sites each year. Recent ones include: Miami, Lisbon, Medellín, Panamá.
- Health + Dental insurance fully covered by Crossmint.
- Flexible retribution with tax benefits through Cobee.
Our Principles
- Results and delivery: Ship high quality work fast.
- Build for the long term: Build scalable, secure, and reliable solutions. Use AI.
- Extreme Ownership: Be an effective Directly Responsible Individual (DRI). Be proactive.
- Be a team player: Be an effective and kind colleague providing credible challenge. Be present and reliable.
Who will be in contact with you
- Adolfo Fernández - Head of People Ops
- Gloria Alogo - People Ops, Onboarding & Benefits
Roles similares
Mantén una lista de respaldo.
Stack
Usa estas tags para comparar roles remotos similares.
Elegibilidad de ubicación
Candidatos deberían aplicar solo cuando el país del perfil aparece aquí.
Tu perfilPaís no definidoInicia sesión para comparar tu país con este rol.
Flujo de contratación
WithMira muestra el rol y luego envía candidatos a la aplicación de la empresa.
1Revisa fit del rol, stack y elegibilidad de ubicación en WithMira.
2Abre la página de aplicación de la empresa desde el link rastreado.
3Guarda el rol o suscríbete a oportunidades similares antes de salir.