Exposure Management Technical Expert, hibrido
Empresa
UST
Provincia
Madrid
Ciudad
Madrid
Tipo de Contrato
Tiempo Completo
Descripción
Exposure Management Technical Expert
We are looking for the very Top Talent and we would be delighted if you were to join our team!
More in details, UST is a multinational company based in North America, certified as a Top Employer company with over 35,000 employees all over the world and presence in more than 30 countries. We are leaders on digital technology services, and we provide large-scale technologic solutions to big companies.
What are we looking for?
We re looking for an Exposure Management Technical Expert. You will join a strategic project with a global client in the wealth management sector.
As an Exposure Management Technical Expert within our Security Compliance Competence Centre (SCCC) in Madrid, you will play a key hands-on role in strengthening our proactive security testing program.
Acting as an internal penetration testing specialist, you will:
- Validate external security findings
- Ensure technical quality and reproducibility of deliverables
- Support the scoping and execution of penetration testing engagements
You will collaborate closely with Exposure Managers, application and technology teams, and external vendors to ensure consistent and high-quality testing practices across the organization.
Key Responsibilities
Penetration Testing Validation
- Reproduce and validate vulnerabilities and their remediation using tools such as Burp Suite and Nmap
- Apply manual and automated techniques across web applications, APIs, and infrastructure
Technical Quality Assurance
- Review penetration testing reports to ensure:
- Accuracy
- Completeness
- Clarity
- Reproducibility of findings
Scoping Advisory
- Support risk-based scoping of penetration testing engagements
- Act as a technical advisor on:
- Security testing methodologies
- Findings interpretation
- Remediation strategies
Security Standards Best Practices
- Ensure alignment with:
- OWASP Testing Guide
- OWASP Top 10
- Internal security standards
False Positive Risk Management
- Analyze reported vulnerabilities and identify false positives
- Ensure correct classification and prioritization
Remediation Hardening
- Provide technical guidance to development and infrastructure teams
- Collaborate with architects on secure and resilient baseline configurations
Collaboration Knowledge Sharing
- Work closely with Exposure Managers and global technical teams
- Share insights, patterns, and lessons learned to improve internal practices
- Support consistent execution across all penetration testing activities
Your Profile
Required Qualifications
- Bachelor s degree in Computer Science, Information Security, or equivalent experience
- 3 5 years of hands-on experience in:
- Penetration testing
- Application security
- Vulnerability assessment
- Strong experience with web application security testing tools (e.g., Burp Suite)
- Solid understanding of:
- OWASP Top 10 vulnerabilities
- Exploitation techniques
- Ability to:
- Read, understand, and reproduce penetration testing findings
- Communicate technical topics to non-technical stakeholders
- Knowledge of:
- HTTP/S protocols
- Authentication mechanisms
- Modern web architectures (APIs, microservices)
- Strong analytical and problem-solving skills
- Professional proficiency in English and Spanish
- Eligibility to work in Spain
Nice to Have
- Certifications such as:
- OSCP, eWPT, CEH, GWAPT, Burp Suite Certified Practitioner
- Experience:
- Reviewing third-party security reports
- Working with external testing vendors
- Infrastructure/network penetration testing
- Secure code review or secure development practices
- Programming/scripting skills (e.g., Python, JavaScript)
- Experience in financial services or regulated environments
- Familiarity with DevSecOps or CI/CD security integration
- German language skills
Location: Hybrid. Madrid city center (Sol area). 3 days a week in the office.
What can we offer?
- 23 days of Annual Leave plus the 24th and 31st of December as discretionary days!
- Numerous benefits (Health Care Plan, teleworking compensation, Life and Accident Insurances).
- Retribución Flexible Program: (Meals, Kinder Garden, Transport, online English lessons, Health Care Plan )
- Free access to several training platforms
- Professional stability and career plans
- UST also, compensates referrals from which you could benefit when you refer professionals.
- The option to pick between 12 or 14 payments along the year.
- Real Work Life Balance measures (flexibility, WFH or remote work policy, compacted hours during summertime )
- UST Club Platform discounts and gym Access discounts
If you would like to know more, don t hesitate to apply and we ll get in touch to fill you in detail. We are waiting for you!
In UST we are committed to equal opportunities in our selection processes and do not discriminate based on race, gender, disability, age, religion, sexual orientation or nationality. We have a special commitment to Disability Inclusion, so we are interested in hiring people with disability certificate.
Burp Suite, Nmap, Python, JavaScript, OWASP
We are looking for the very Top Talent and we would be delighted if you were to join our team!
More in details, UST is a multinational company based in North America, certified as a Top Employer company with over 35,000 employees all over the world and presence in more than 30 countries. We are leaders on digital technology services, and we provide large-scale technologic solutions to big companies.
What are we looking for?
We re looking for an Exposure Management Technical Expert. You will join a strategic project with a global client in the wealth management sector.
As an Exposure Management Technical Expert within our Security Compliance Competence Centre (SCCC) in Madrid, you will play a key hands-on role in strengthening our proactive security testing program.
Acting as an internal penetration testing specialist, you will:
- Validate external security findings
- Ensure technical quality and reproducibility of deliverables
- Support the scoping and execution of penetration testing engagements
You will collaborate closely with Exposure Managers, application and technology teams, and external vendors to ensure consistent and high-quality testing practices across the organization.
Key Responsibilities
Penetration Testing Validation
- Reproduce and validate vulnerabilities and their remediation using tools such as Burp Suite and Nmap
- Apply manual and automated techniques across web applications, APIs, and infrastructure
Technical Quality Assurance
- Review penetration testing reports to ensure:
- Accuracy
- Completeness
- Clarity
- Reproducibility of findings
Scoping Advisory
- Support risk-based scoping of penetration testing engagements
- Act as a technical advisor on:
- Security testing methodologies
- Findings interpretation
- Remediation strategies
Security Standards Best Practices
- Ensure alignment with:
- OWASP Testing Guide
- OWASP Top 10
- Internal security standards
False Positive Risk Management
- Analyze reported vulnerabilities and identify false positives
- Ensure correct classification and prioritization
Remediation Hardening
- Provide technical guidance to development and infrastructure teams
- Collaborate with architects on secure and resilient baseline configurations
Collaboration Knowledge Sharing
- Work closely with Exposure Managers and global technical teams
- Share insights, patterns, and lessons learned to improve internal practices
- Support consistent execution across all penetration testing activities
Your Profile
Required Qualifications
- Bachelor s degree in Computer Science, Information Security, or equivalent experience
- 3 5 years of hands-on experience in:
- Penetration testing
- Application security
- Vulnerability assessment
- Strong experience with web application security testing tools (e.g., Burp Suite)
- Solid understanding of:
- OWASP Top 10 vulnerabilities
- Exploitation techniques
- Ability to:
- Read, understand, and reproduce penetration testing findings
- Communicate technical topics to non-technical stakeholders
- Knowledge of:
- HTTP/S protocols
- Authentication mechanisms
- Modern web architectures (APIs, microservices)
- Strong analytical and problem-solving skills
- Professional proficiency in English and Spanish
- Eligibility to work in Spain
Nice to Have
- Certifications such as:
- OSCP, eWPT, CEH, GWAPT, Burp Suite Certified Practitioner
- Experience:
- Reviewing third-party security reports
- Working with external testing vendors
- Infrastructure/network penetration testing
- Secure code review or secure development practices
- Programming/scripting skills (e.g., Python, JavaScript)
- Experience in financial services or regulated environments
- Familiarity with DevSecOps or CI/CD security integration
- German language skills
Location: Hybrid. Madrid city center (Sol area). 3 days a week in the office.
What can we offer?
- 23 days of Annual Leave plus the 24th and 31st of December as discretionary days!
- Numerous benefits (Health Care Plan, teleworking compensation, Life and Accident Insurances).
- Retribución Flexible Program: (Meals, Kinder Garden, Transport, online English lessons, Health Care Plan )
- Free access to several training platforms
- Professional stability and career plans
- UST also, compensates referrals from which you could benefit when you refer professionals.
- The option to pick between 12 or 14 payments along the year.
- Real Work Life Balance measures (flexibility, WFH or remote work policy, compacted hours during summertime )
- UST Club Platform discounts and gym Access discounts
If you would like to know more, don t hesitate to apply and we ll get in touch to fill you in detail. We are waiting for you!
In UST we are committed to equal opportunities in our selection processes and do not discriminate based on race, gender, disability, age, religion, sexual orientation or nationality. We have a special commitment to Disability Inclusion, so we are interested in hiring people with disability certificate.
Burp Suite, Nmap, Python, JavaScript, OWASP