Lead Python Developer- Cybersecurity

Location:Barcelona or Madrid (40% office)

Conditions: Up to 70K + perks + benefits


Your Role

As a Lead Security Engineer, you will be instrumental in building and optimizing systems that collect, enrich, and analyze threat intelligence data. You’ll help improve automation, integration, and operational capabilities to keep systems agile, scalable, and secure.

Key Responsibilities

• Design and implement system integrations between various Threat Intelligence Source APIs and the Threat Intelligence Platform (TIP) to automate ingestion of indicators of compromise (IOCs).
  
• Maintain and enhance APIs that interface Apache NiFi with the indicators database, allowing the generation of IOC feeds based on types, attributes, tags, and severity, while supporting indicator enrichment workflows.
  
• Rapidly develop scripts and applications to support evolving operational needs, with minimal supervision.
  
• Gather threat intelligence from external sources and integrate it into the TIP, ensuring a comprehensive and timely data flow.
  
• Create, maintain, and refine playbooks for IOC enhancement and enrichment within the TIP.
  
• Aggregate, structure, and load threat-related data from a variety of feeds—internal, open-source, and dark web—into the TIP and security tools.
  
• Design data dashboards to visualize threat intelligence based on tags, types, confidence scores, and severity levels.
  
• Analyze current cyber threat trends, including TTPs (tactics, techniques, and procedures), and contribute to threat assessments using frameworks like MITRE ATT&CK and Cyber Kill Chain.
  
• Develop and improve the processes and standards used for threat intelligence collection, correlation, and analysis.
  
• Conduct in-depth research and technical assessments using established threat intel methodologies and industry standards.
  
• Create and present analytical outputs, trend reports, and visual summaries (charts, graphs, infographics) to senior leadership.
  
• Support SOC/CIRC teams with timely, relevant threat intelligence in response to active investigations.
  
• Manage and maintain VPN infrastructure and mail servers used for alerting, reporting, and automated communications.
  
• Build and nurture professional connections across threat intelligence communities to support collaboration and information sharing.
  
• Contribute to the definition of team OKRs (Objectives and Key Results) and help shape measurable performance metrics.
  

 

Required Skills & Expertise

• Strong knowledge of the Software Development Life Cycle (SDLC) and how to apply it in a cybersecurity context.
  
• Proficiency in Python for scripting and automation; familiarity with other programming languages such as Perl, PHP, Java, .NET, and C.
  
• Working experience with JavaScript/JQuery web clients, relational databases (e.g., PostgreSQL, MySQL), and NoSQL databases (e.g., MongoDB, Elasticsearch, DocumentDB).
  
• Familiar with STIX/TAXII standards and how they integrate with threat intelligence tools.
  
• Sound understanding of network security principles, including threat detection, event monitoring, and risk analysis.
  
• Strong knowledge of Windows and Linux networking environments.
  
• In-depth understanding of cybersecurity principles, common attack vectors, zero-day threats, and exploitation techniques.
  
• Solid grasp of the threat intelligence lifecycle: from collection and processing to analysis and dissemination.
  
• Ability to work with structured and semi-structured data formats like JSON, YAML, XML, CSV, and Parquet, and perform data transformations between them.
  
• While a degree in a technical field is welcome, practical experience and relevant skills are more important.
  

 

Day-to-Day Expectations

• Work in Agile sprints, keeping up with project timelines and adhering to development standards.
  
• Tackle a wide range of tasks—from building new services and features to system migrations—requiring an adaptable, problem-solving mindset.
  
• Take on challenges involving unfamiliar technologies, demonstrating a willingness to "figure it out" as you go.
  
• Contribute to product enhancements and automation efforts that improve threat detection and response capabilities.
  

 

Preferred Qualifications

• Strong background in software development within security operations environments.
  
• Experience analyzing advanced cyber threats and mapping them to known frameworks (e.g., MITRE ATT&CK).
  
• Familiarity with cloud infrastructure, services, and cybersecurity operations in cloud environments.
  
• Hands-on experience with threat intelligence automation, collection, enrichment, and TIP integrations.
  
• Comfortable working with TLP (Traffic Light Protocol) classifications and responsible information dissemination.
  
• Experience building internal tools or custom solutions to strengthen cyber threat intelligence operations.
  
• Previous work in financial sector security operations is a plus.
  
• Technical exposure to tools and platforms such as:
  

• MongoDB, Snowflake, Redis (caching systems)
  
• Messaging systems like Apache Kafka or RabbitMQ
  
• TIPs and SOAR platforms