As a Cybersecurity Operations Engineer at Evinova, you will play a key role in strengthening our operational security posture by leading hands-on technical activities across detection engineering, incident response, and cloud security. You will work within the Cybersecurity Operations function to ensure continuous monitoring, visibility, and control across cloud, SaaS, and enterprise platforms.
The role focuses on the operation and optimization of our SIEM and SOAR platforms (Splunk Cloud Enterprise Security and Splunk SOAR), integrating critical data sources from AWS, Microsoft 365, and SaaS environments, and developing high-fidelity detections that enable proactive threat response. You will also provide technical leadership supporting IT, Infrastructure, and Cloud teams in implementing hardening standards, configuration validation, and secure-by-design practices.
Success in this role means maintaining strong visibility across our digital landscape, driving automation for detection and response, and ensuring that cloud and endpoint platforms remain protected and compliant with Evinova's cybersecurity standards and global frameworks such as ISO 27001, SOC 2, and NIST CSF.
This position is ideal for a technically skilled cybersecurity professional who thrives in a fast-paced global environment and enjoys solving complex operational challenges while contributing directly to securing Evinova's digital health platforms.
Key Responsibilities:
Security Monitoring and Detection Engineering
- Maintain and operate the organization's SIEM and SOAR platforms (Splunk Enterprise Security and SOAR) to ensure continuous, reliable, and scalable security monitoring.
- Develop and manage log source integrations across cloud and SaaS environments including infrastructure, applications, identity providers, and endpoints.
- Collaborate with the external SOC on rule tuning, enrichment mapping, and validation of false-positive reduction efforts.
- Create and maintain dashboards, reports, and visualizations to support SOC operations, threat hunting, and management visibility.
- Monitor and optimize SIEM ingestion performance, ensuring efficient parsing, filtering, and normalization of logs to control license consumption.
- Conduct periodic use-case reviews to ensure alignment with the evolving threat landscape, business priorities, and technology stack.
Incident Response and Operations Support
- Collaborate with the Security Operations, Incident Response, and Threat Intelligence teams to improve detection coverage and response playbooks.
- Provide tier-3 support during incident investigations, including forensic data extraction and SIEM correlation analysis.
- Participate in on-call escalation for critical incidents requiring Splunk or SOAR expertise.
- Support IT and Cloud teams during investigations involving phishing, account compromise, or insider risk events.
- Collaborate on technical implementations of security controls and alerting mechanisms within cloud and SaaS platforms integrated into the SIEM and SOAR environment.
Automation and Continuous Improvement
- Automate repetitive processes and data enrichment using scripting (Python, PowerShell) or integrations with SOAR and third-party APIs.
- Support automation of compliance evidence collection, aligning outputs with ISO 27001 and SOC 2 control families.
- Evaluate and recommend improvements to SIEM architecture, detection capabilities, and enrichment logic in coordination with the Director of Cybersecurity Operations.
- Contribute to the roadmap and maturity development of Evinova's security monitoring and detection engineering functions.
- Support the development of operational runbooks, standard operating procedures, and integration documentation for SecOps processes.
Minimum Qualifications:
- Bachelor's degree in Cybersecurity, Management / Business Information Systems, Computer Science, or a related field.
- 4+ years of experience in cybersecurity roles.
- 2+ years of experience working with SIEM platforms (preferably Splunk ES and MS Sentinel).
- Familiarity with cybersecurity guidance, frameworks, and standards such as ISO 27001, SOC 2, or CIS Controls.
- Ability to work cross-functionally with engineering, product, and legal teams.
- Proactive, curious, and eager to learn in a fast-paced, evolving environment.
- Strong understanding of log management, event correlation, and alerting principles.
- Proficiency in developing and tuning detection rules, dashboards, and reports.
- Knowledge of security operations, incident response, and threat detection workflows.
- Scripting ability in Python, PowerShell, or similar for automation and data enrichment.
- Understanding of the MITRE ATT&CK framework and its application in detection engineering.
- Strong analytical, troubleshooting, communication, and documentation skills.
- Fluency in English (written and spoken).
Desired Qualifications:
- Experience with SOAR platforms and automated playbook development.
- Hands-on familiarity with endpoint detection and response (EDR) solutions.
- Experience with cloud security environments (AWS, Azure) and related log sources.
- Understanding of vulnerability management and exposure reduction processes.
- Prior experience in a global or distributed Security Operations environment.
Evinova delivers market-leading digital health solutions that are science-based, evidence-led, and human experience-driven. Thoughtful risks and quick decisions come together to accelerate innovation across the life sciences sector. Be part of a diverse team that pushes the boundaries of science by digitally empowering a deeper understanding of the patients we're helping. Launch pioneering digital solutions that improve the patients' experience and deliver better health outcomes. Together, we have the opportunity to combine deep scientific expertise with digital and artificial intelligence to serve the wider healthcare community and create new standards across the sector.