Exposure Management Technical Expert - Penetration Testing Focus | Madrid

Role description

We are looking for the very Top Talent…and we would be delighted if you were to join our team!

More in details, UST is a multinational company based in North America, certified as a Top Employer company with over 35.000 employees all over the world and presence in more than 30 countries. We are leaders on digital technology services, and we provide large-scale technologic solutions to big companies.

What are we looking for?

We’re looking for an Exposure Management Technical Expert. You will join a strategic project with a global client in the wealth management sector

As an Exposure Management Technical Expert within our Security Compliance Competence Centre (SCCC) in Madrid, you will play a key hands-on role in strengthening our proactive security testing program.

Acting as an internal penetration testing specialist, you will:

Validate external security findings

Ensure technical quality and reproducibility of deliverables

Support the scoping and execution of penetration testing engagements

You will collaborate closely with Exposure Managers, application and technology teams, and external vendors to ensure consistent and high-quality testing practices across the organization.

Key Responsibilities

Penetration Testing & Validation

Reproduce and validate vulnerabilities and their remediation using tools such as Burp Suite and Nmap

Apply manual and automated techniques across web applications, APIs, and infrastructure

Technical Quality Assurance

Review penetration testing reports to ensure:

Accuracy

Completeness

Clarity

Reproducibility of findings

Scoping & Advisory

Support risk-based scoping of penetration testing engagements

Act as a technical advisor on:

Security testing methodologies

Findings interpretation

Remediation strategies

Security Standards & Best Practices

Ensure alignment with:

OWASP Testing Guide

OWASP Top 10

Internal security standards

False Positive & Risk Management

Analyze reported vulnerabilities and identify false positives

Ensure correct classification and prioritization

Remediation & Hardening

Provide technical guidance to development and infrastructure teams

Collaborate with architects on secure and resilient baseline configurations

Collaboration & Knowledge Sharing

Work closely with Exposure Managers and global technical teams

Share insights, patterns, and lessons learned to improve internal practices

Support consistent execution across all penetration testing activities

Your Profile

Required Qualifications

Bachelor’s degree in Computer Science, Information Security, or equivalent experience

3–5 years of hands-on experience in:

Penetration testing

Application security

Vulnerability assessment

Strong experience with web application security testing tools (e.g., Burp Suite)

Solid understanding of:

OWASP Top 10 vulnerabilities

Exploitation techniques

Ability to:

Read, understand, and reproduce penetration testing findings

Communicate technical topics to non-technical stakeholders

Knowledge of:

HTTP/S protocols

Authentication mechanisms

Modern web architectures (APIs, microservices)

Strong analytical and problem-solving skills

Professional proficiency in English and Spanish

Eligibility to work in Spain

Nice to Have

Certifications such as:

OSCP, eWPT, CEH, GWAPT, Burp Suite Certified Practitioner

Experience:

Reviewing third-party security reports

Working with external testing vendors

Infrastructure/network penetration testing

Secure code review or secure development practices

Programming/scripting skills (e.g., Python, JavaScript)

Experience in financial services or regulated environments

Familiarity with DevSecOps or CI/CD security integration

German language skills

Location: Hybrid. Madrid city center (Sol area). 3 days a week in the office.

What can we offer?

23 days of Annual Leave plus the 24th and 31st of December as discretionary days!

Numerous benefits (Health Care Plan, teleworking compensation, Life and Accident Insurances).

`Retribución Flexible´ Program: (Meals, Kinder Garden, Transport, online English lessons, Health Care Plan…)

Free access to several training platforms

Professional stability and career plans

UST also, compensates referrals from which you could benefit when you refer professionals.

The option to pick between 12 or 14 payments along the year.

Real Work Life Balance measures (flexibility, WFH or remote work policy, compacted hours during summertime…)

UST Club Platform discounts and gym Access discounts

If you would like to know more, don’t hesitate to apply and we’ll get in touch to fill you in detail. We are waiting for you!

In UST we are committed to equal opportunities in our selection processes and do not discriminate based on race, gender, disability, age, religion, sexual orientation or nationality. We have a special commitment to Disability & Inclusion, so we are interested in hiring people with disability certificate.

Skills

penetration testing,penetration testing reports,exposure management,application security testing,

About UST

UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact - touching billions of lives in the process.