Senior Cybersecurity Engineer DevOps

Company Description

Colliers is a leading diversified professional services and investment management company. With operations in 68 countries, our 22,000 enterprising people work collaboratively to provide expert advice to maximize the potential of property and real assets to accelerate the success of our clients, our investors and our people.

We are at the forefront of the real estate industry, leading the way and backed by an exceptional record of success. We are building for our future – and yours.

We strive to build our business at a competitive pace by augmenting internal growth with smart strategic acquisitions that increase market share, expand service offerings and extend our geographic reach for the benefit of our clients and shareholders.

For more than 29 years, Colliers has created value for shareholders that has resulted in superior returns and industry growth. Our people also own significant equity in our business, which brings pride of ownership to everything we do. We are passionate, take personal responsibility and always do what's right for our clients, people and communities.

Job Description

We are looking for an experienced and passionate Senior CyberSecurity Engineer DevOps for our newly established Technology Hub in Madrid.
This is a unique opportunity to become part of the founding team that helps shape the culture, practices, and technical direction. Working in a hybrid model (2 days on-site), you will enjoy significant freedom to innovate and influence the future of one of the world’s largest commercial real estate companies. With the leadership of the Global Technology Hub coming from a background of technology startups, you will benefit from a fast-paced learning environment, high visibility of your contributions and opportunities to shape processes, culture and technology strategies. At the same time, you take advantage of the stability, resources, and reach of a successful global company. 
The Madrid Hub collaborates closely with international teams to deliver world-class technology solutions that power the future of commercial real estate.

As Senior CyberSecurity Engineer DevOps you play a key role in embedding security into our engineering operations across GCP and Azure environments. Working closely with other members of the DevOps function, engineering teams and infrastructure team, this role ensures that security is an integral part of our development lifecycle. The Senior CyberSecurity Engineer DevOps will design, implement and maintain secure architectures and act as a bridge between engineering and information security functions.

You will contribute to global products and platforms that serve both internal and external customers in Commercial Real Estate across multiple regions. You will ensure delivery excellence, engineering quality and great consumer experience. You are a hands-on problem-solver with strong design principles, who thrives in a collaborative and agile environment. As a senior contributor of the DevOps function, you will set technical direction, drive best practices. and mentor junior engineers while building solutions with real business.

Secure Software Development Lifecycle (SSDLC)

• Pipeline Integration: Embed security controls and automated tooling into CI/CD pipelines (e.g., SAST, DAST, SCA/dependency scanning, and container image scanning).
• Standards & Practices: Partner with QA and Software Engineering to define and champion secure coding standards.
• Risk-Based Prioritization: Support Product Owners by providing risk-based technical input during sprint prioritization and release planning.
• Architectural Resilience: Collaborate with CloudOps to design and validate secure, resilient cloud architectures.
• Provide guidance on the secure integration of AI/LLM components, ensuring data privacy (e.g. protection against prompt injections or insecure output handling).

Cloud and Infrastructure Security

• Security Baselines: Define and enforce security baselines for GCP and Azure resources, focusing on IAM, network segmentation, storage encryption, and key management.
• Policy Alignment: Work closely with Cloud Engineering to ensure project-specific policies align with global security standards and compliance requirements.
• Security as Code: Design and contribute to reusable, secure-by-default Infrastructure as Code (IaC) modules and implement Policy as Code and Compliance as Code frameworks to prevent, detect, and remediate misconfigurations.
• Container Security: Ensure containerized workloads (e.g. Kubernetes, Docker, App Services) are secured end-to-end, from registry to runtime.

Operational Security and Monitoring

• Observability: Contribute with logging, monitoring, and alerting systems for security events in collaboration with SRE and Infrastructure teams.
• Security Assessments & Penetration Testing: Performing security assessments and facilitate third-party penetration testing and coordinate the remediation of findings.
• Incident Response: Provide technical guidance during security incidents, including root cause analysis (RCA) and post-mortem reviews to prevent recurrence.
• Governance, Risk Management and Compliance
• Compliance: Ensure continuous compliance with ISO 27001, GDPR, and other relevant regulations by embedding automated controls.
• Audit Readiness: Contribute to audits and reporting by ensuring technical evidence of security controls is always available and up to date.

Qualifications

Required Skills/Experience:

• 5-8+ years of professional experience in DevOps, Security Engineering or Cloud Security roles.
• Proven Experience in GCP and Azure security models, including IAM, network security and secret management.
• Hands-on experience with container security (e.g. Kubernetes admission controllers, runtime scanning, image hardening).
• Strong knowledge of CI/CD pipelines and integration of security tooling (Azure DevOps preferred).
• Familiarity with compliance frameworks (ISO27001, SOC2, GDPR). And how to operationalize controls in engineering context.
• Strong experience in scription for automation (Python, Bash or Terraform).
• Agile Development experience (Scrum/Kanban), including story estimation, code reviews and pair programming.
• Experience working in distributed or remote teams and using tools such as Jira, GitHub, Miro and Azure DevOps.
• Excellent interpersonal and communication skills, fluent in English and Spanish.
• Understanding of secure development practices and compliance frameworks (e.g. ISO27001, GDPR, SOC2).

Preferred Skills/Experience:

• Background in software or infrastructure engineering.
• Ability to work in a fast-paced, growing tech environment and to foster change in larger organizations.

Additional Information