Are you passionate about securing computer systems? Do you keep yourself updated on emerging digital threats? Does doing this in a global InfoSec team your next career step? Then look no further and apply for our Security Architect (m/f/d) role based in Barcelona. This is an exciting opportunity where you’ll get the chance to perform internal and external penetration testing, evaluate and implement new security technologies, and safeguard the continuous improvement of our security posture and infrastructure. EQS Group is a leading international cloud software provider in corporate compliance, investor relations, and ESG. By working with EQS Group, thousands of companies worldwide inspire trust by fulfilling complex national and international disclosure obligations, minimizing risks, and communicating transparently with stakeholders.As you might have already guessed from all this trust & compliance talk, transparency is essential to us. That’s why we communicate all our commitments to sustainability, diversity, equality, and well-being on our homepage and our social media platforms. We do this for you, for us, for everyone – fairly and publicly.The key to our success is hiring talented people who bring passion to the table every day, take responsibility and support each other in the best possible way to create a trustworthy environment.

• You're important! A trusting environment and lifelong learning for your individual development. Set personal development goals, receive support and regular feedback. We support you in equipping yourself for success.
• Living our values! Take responsibility for a variety of tasks, find out what you like to work on, and find your way to make your own personal impact with us!  
• Great atmosphere! Regular team events, BarCamps, a talented international team, and a common goal that unites us all. Take a look at #EQSlife on Instagram!
• Be part of an exciting journey! Contribute to our success story of becoming the leading European cloud provider for corporate compliance, investor relations solutions, and sustainability reporting (ESG Tech).
• Work-life balance is a must! You will work from an office in Barcelona city center with also the opportunity to work remotely, even from other European countries, and to flexibly arrange your working hours.
• Health is a priority!  We offer health insurance, meal vouchers for your healthy breaks, and you can also benefit from our corporate mental health counseling!

Our Information Security Department runs globally, with operations across Europe and India. Our structure is divided into three primary pillars: Audits, Certifications, and Assurance (ACA), Security Architecture (SecArc), and Security Operations (SecOps).  See how your abilities can contribute:  

• Champion the set-up, maintenance, and operation of the Security Architecture and Engineering functions.
• Collaborate with software development teams, site reliability engineers, and operational teams to ensure our services have appropriate security controls and processes.
• Contribute to the overall CISO strategy, goal setting, and programs.
• Manage relationships with third-party security providers.
• Create and maintain security orchestration and automation tools, including the cloud.
• Perform and communicate penetration testing across all EQS Group’s technologies.
• Coordinate and manage external penetration testing, vulnerability, and bug bounty programs.

• You have 7+ years of working experience of which at least 3 are in information security. 
• You possess good knowledge of OWASP Top 10. 
• Experience in or willingness to learn technologies like Application Penetration Testing, Static Code Analysis, Improvement of Application Security Architecture, Secure Development Life Cycle. 
• Certifications like OSCP, OSEP, OSEE, OSWE (Offensive Security) or eCPPT, eCTHP, eCPTX, and eWAPT (eLearn Security) or willingness to obtain them.
• You’re comfortable working in an international team and communicating proficiently in English.
• Provide support for internal security-related projects to facilitate best practices across the company. 
• You’re proactive and can recommend practical software and operational security improvements-evaluating and implementing enhancements. 
• You have a knack for studying architecture/platforms and identifying security gaps in the development phase. 
• You can analyze, understand, and further develop existing code bases regarding security flaws. 
• You advise on best security development practices for current and new projects. 
• Detail-oriented, precise, and effective communicator. 
• Self-reliant and profound working methods. 
• You have an analytical, independent, and results-oriented approach. 

• Relevant certifications in Cyber Security or Information Security Sector.
• Experience in software development or system administration.
• Software development background (Proficiency in PHP, MySQL, Python, and HTML / XML / XSLT / CSS / JavaScript / ASP.NET).

• Consolidated experience with IT system administration, networking, Cloud technologies, and programming/scripting languages.
• Understanding of DevSecOps, automation, orchestration, Security architecture, and frameworks such as TOGAF and/or SABSA.
• Ability to “think outside the box” and predict scenarios exploitable from threat actors.
• Knowledge of Security principles and techniques such as OWASP, SAST, and DAST. 
• Competence in IT forensics technologies.