IT Security Engineer
ABOUT CODEWAY
Codeway builds consumer apps used by millions around the world, spanning AI creativity, wellness, learning, and productivity. Our products are built with a strong focus on user experience, speed, and quality, and are powered by deep in-house technology and data capabilities.
Barcelona is a growing core hub for Codeway. We are building a strong engineering culture here, focused on ownership, fast execution, and high standards of craft. This is a place for engineers who want to stay close to the product, influence real decisions, and see their work reach users quickly.
POSITION
We’re looking for an IT Security Engineer to help build and mature security across our growing organization. This role sits at the intersection of IT, Security, and Engineering, helping design, implement, and continuously improve security controls across identity, endpoints, SaaS platforms, and cloud infrastructure.
You’ll work closely with IT and Engineering teams to build security capabilities that support company growth while maintaining a practical, collaborative, and business-friendly security posture. This is a hands-on role with meaningful opportunities to shape security foundations, improve processes, and influence how security evolves across the organization.
Several security capabilities are still early in their maturity and continuing to evolve. We are looking for someone who enjoys building and improving the programs, processes, controls, and automation that will form the foundation of our security function as the company scales.
We welcome applicants from all backgrounds and experiences. If you’re excited about building security capabilities and believe you could be a strong fit for the role, we encourage you to apply, even if your experience does not align perfectly with every qualification listed below.
WHAT YOU’LL BE DOING?
Security Operations & Incident Response
Partner with teams to strengthen security monitoring, detection, and response capabilities.
Investigate security events, coordinate incident response activities, and continuously improve operational playbooks and response processes.
Develop security metrics and reporting that provide visibility, support prioritization and risk management, and demonstrate the effectiveness of security controls.
Identity, Endpoint & SaaS Security
Strengthen security controls across identity, endpoint, and business-critical SaaS platforms.
Improve identity and access controls, including governance, privileged access management, MFA, conditional access, and device trust.
Establish endpoint security standards, monitoring capabilities, and remediation processes.
Partner with stakeholders to evaluate security considerations for new applications, vendors, and integrations.
Cloud Security & Vulnerability Management
Maintain and enhance security controls across cloud environments while promoting secure-by-default approaches.
Build and operate a sustainable vulnerability management process across infrastructure, cloud, endpoint, and SaaS environments, including prioritization, remediation tracking, and reporting.
Review cloud configurations, permissions, and security risks, partnering with teams on practical remediation strategies and secure-by-design approaches.
Security Engineering & Program Development
Design and implement automation that improves security operations and reduces manual effort.
Build integrations and workflows across security, identity, endpoint, and cloud platforms.
Contribute to architecture reviews, security standards, and long-term security roadmaps.
Support security governance, compliance, and audit readiness initiatives by helping implement, document, and maintain effective security controls and processes.
Partner with teams across the organization to promote secure working practices and help foster a positive security culture.
WHAT YOU’LL BRING?
Experience building, operating, or improving security controls in cloud-first environments, including identity, SaaS, endpoint, or public cloud platforms.
Experience collaborating with IT, Engineering, and business stakeholders.
Experience investigating security incidents and supporting remediation efforts.
Strong understanding of identity, endpoint, and cloud security fundamentals.
Experience automating workflows through scripting, APIs, or workflow platforms.
Ability to balance security requirements with operational efficiency and a positive employee experience.
NICE TO HAVE
Hands-on experience with identity, cloud, endpoint, or SaaS security platforms.
Experience building or maturing security programs, processes, or operational capabilities.
Experience with security tooling such as SIEM, CSPM, XDR, vulnerability management, or endpoint management platforms.
Experience supporting compliance initiatives, modern identity architectures, AI platforms, or emerging technologies.
Relevant certifications in cloud, endpoint, or security disciplines.
OUR ENVIRONMENT
You'll help secure and improve a modern cloud-first environment built around:
Google Workspace
Okta
Jamf
AWS
Google Cloud Platform (GCP)
Experience with these platforms is beneficial but not required. We value strong security fundamentals, curiosity, and the ability to quickly learn new technologies and environments.
WHAT SUCCESS LOOKS LIKE
Within your first 12 months, you’ll help establish and mature key security capabilities, including:
A scalable endpoint security program built around modern device management and protection tooling.
Robust identity security controls across cloud, SaaS, and infrastructure platforms.
A structured vulnerability management process with clear prioritization and visibility.
Collaborative security review processes for new vendors, applications, and integrations.
Improved visibility and reliability across security monitoring and response activities.
Security automation that reduces manual effort and improves operational consistency.
Stronger alignment with compliance and audit readiness expectations.
A culture where security is embedded into everyday work and planning across teams.
If you're excited about building security programs, improving systems through automation, and helping shape security in a growing company, we'd love to hear from you.
You'll join a collaborative environment where security is viewed as an enabler, not a blocker, and where you'll have the opportunity to help build lasting security capabilities that support the business as it continues to grow.
THE RECRUITING PROCESS
We are committed to keeping our recruitment process short and transparent. Here’s how it looks like:
Application
Talent & Culture Interview
Case Study
Tech Panel Interview
Final Interview
Offer