Cyber Defense Engineer - Evinova

Role based in Barcelona - 3 days onsite office / 2 days at home

Evinovadelivers market-leading digital health solutions that are science-based, evidence-led, and human experience-driven. Thoughtful risks and quick decisions come together to accelerate innovation across the life sciences sector. Be part of a diverse team that pushes the boundaries of science by digitally empowering a deeper understanding of the patientswe’rehelping. Launch pioneering digital solutions that improvethe patients’ experience and deliver better health outcomes.Together, we have the opportunity to combine deep scientific expertise with digital and artificial intelligence to serve the wider healthcare community and create new standards across the sector.

The Cyber Defense Engineer atEvinovais positionedas an internal subject matter expert for cyber threat detection, analysis,and response.The successful candidatewill bespecifically accountable for the design, engineering, and operational execution of our cyber threat detection and response capabilities across a globalmulti-cloud environmentand will be exposed to several leading technologies such as Amazon Web Services, Microsoft 365,SalesForce, Splunk Cloud, and several others. 

This roleoperatesas the primary technical escalation point for all cyber threatsidentifiedby our Security Operations Center(SOC)andis responsible forvalidating, investigating, and directing responses to escalated security incidents. This role provides a unique blend of technical detection engineering with threat-informed cyber defense strategy ownership. 

WithEvinovapositioned asa trusted technology partner to Life Sciences and Pharmaceutical Research focused organizations, this role will be exposed to regulated workloads, clinical data, andGxP-relevant systems. Considering our business context, success in this role requires adequate understanding of system assurance principles, data integrity controls, and relevant externalguidance /compliance requirements (e.g., ISO 27001, SOC2, NIST CSF, UK / EU GDPR, etc.). 

This position is ideal for technically skilled cybersecurity professionals who thrive in fastpaced global organizations and enjoy solving complex operational challenges with innovative approaches. In addition to supporting the Cyber Defense pillar, this role will have daily exposure across our entire cybersecurityfunctionand working collaboratively to secureEvinova'sDigital Health Suite.

This position will report directly to theEvinovaHead of Cybersecuritywith a dotted line to the Head of Cybersecurity Engineeringand will have several peers to collaboratewith;ensuring adequate leadership visibility and cross-functional exposure across adjacent cyber domains.If you are a cyber defense pro looking to gaincyberleadershipexperience, this is the perfect role for you. 

Due to thebusiness criticalnature of this role, there may be times whereafter-hourssupport is needed to addresscybersecurityincidents.Evinovacybersecurity is a globally distributed team with team memberslocatedin both the United States and Spain.

Key Responsibilities:

SIEM Platform Management (Splunk Focus)

• Oversee the work of our outsourcedserviceprovider whoprovidesSIEM maintenancesupport

• Provide architectural and operational ownership of Splunk ES as the enterprise detection platform

• Design data ingestion strategies covering cloud telemetry, identities, SaaS services, and system audit logs 

• Engineer compliant data models to normalize security telemetry and enable scalable detection use case development

• Build operational dashboards supporting SOC monitoring, incident tracking, regulatory reporting, and executive cyber risk metrics

• Optimizesearch performance, indexing strategies, and storageutilizationto balance detection depth with cost efficiency

• Integrate third-party and native security tooling into Splunk via APIs, forwarders, and data pipeline engineering

Cloud Detection and Response Architectures (AWS-focused)

• Provide cyber defense telemetry requirements into security architecture reviews for new platforms, applications, and cloud services

• Engineer and operationalize detectionsleveragingnative AWS telemetry sources such as Cloud Trail, Guard Duty, Security Lake, VPC Flow Logs, Cloud Watch, EKS Logs, and others

• Develop detection use cases for IAM privilege escalation, federated identity abuse, cross-account compromise, API misuse, and serverless exploitation

• Monitor containerized and Kubernetes workloads for runtime threats, suspicious process execution, and anomalous network communication patterns

• Partner with Cloud Security peersto define cloud logging standards, retention requirements, and forensic readiness controls
  

Detection EngineeringandThreat Analytics

• Architect, engineer, and operationalize advanced threat detections within Splunk Enterprise Security, including correlation searches, risk-based alerting frameworks, behavioral detections, and anomalysignals aligned to cloud computing threat scenarios

• Design detection logic mapped to the MITRE ATT&CK techniques, cloud threatkillchains, and identity compromise attack paths to ensurecomprehensive adversary coverage

• Build security telemetry correlation across cloud control planes, SaaS platforms, and identity providers such as MicrosoftEntraIDto detect multi-stage intrusion attempts

• Collaborate with our outsourcedSOCto continuously tunelog sources/ detection contentto reduce false positives,eliminatealert fatigue, and improve “signal-to-noise” ratios within theSOCescalation pipelines 

• Utilize threat intelligence feeds to translate emerging adversary Tactics, Techniques, and Procedures (TTPs) into actionable detection use cases and SIEM content updates

• Establish detection lifecycle governance including use case design documentation, testing validation, and performance monitoring 

• Develop “detection-as-code” pipelinesleveragingversion control and CI/CD processes to ensure repeatable and auditable deployment of correlation logic

Threat Detection, Analysis, and Response

• Serve as the Tier 2 / Tier 3 escalationpathfor allrelevant securityalerts and suspicious activity escalated by our SOC

• Conduct deep technical investigations spanning SIEM telemetry,adjacent platforms, cloud logs, identity activity, audit trails, and other forensic artifacts

• Performthreat actor behavior analysis todetermineinitial access vectors, persistence mechanisms, privilege escalation paths, and lateral movement patterns

• Lead threat hunting initiativesleveraginghypothesis-driven and intelligence-driven methodologiesto proactivelyidentifyhidden threats

• Function as a Technical Lead / Incident Responder for confirmed cybersecurity incidentsand directing containment actions that are proportionate withtheincidentseverity

• Coordinate cross-functional response activities across Product Engineering / Platform Operationsand Cybersecurity stakeholders

• Maintain the Cybersecurity Incident Response Playbooks and developing new playbooks for emerging incident types / technologies

• Produce formal investigation reports documenting incident timelines,impactedassets, regulatory exposure risk, and remediation recommendations

• Provide incident briefings summarizing incident severity, business impact, and containment postureto the Head of Cybersecurity, Head of Cybersecurity Engineering, and other relevant leadership stakeholders (including theEvinovaChief Technology Officer)

• Collaborate with Cybersecurity Assurance to document incident root causes, specifically focusing oncontrol failures, detection gaps, andpostureimprovement actions

• Lead cyber crisis simulations and tabletop exercises with adjacent teams in Product Engineering and Platform Operations to ensure operational readiness

HIGHLIGHT THE SKILLS AND CAPABILITIES NEEDED

Minimum Qualifications: 

• Universitydegree in Cybersecurity,Information Security, Computer Science,Information Systems,ora relatedtechnical discipline.

• 6-8+ years of progressive experience in Cybersecurity Operations, Detection Engineering, Cybersecurity Incident Response, or Threat Intelligence functions within global enterprises

• Demonstrated hands-on engineering and operational experience administering and developing detection use cases in Splunk Enterprise Security, including correlation searchers, notable event frameworks, risk-based alerting, and data modelutilization

• Hands on security monitoring and threat detection experience across Amazon Web Services (AWS) environments

• Operational familiarity with cloud native attack vectorsincluding IAM privilege escalation, credential misuse, token compromise, API abuse, and cross-account persistence mechanisms

• Familiarity with SOAR platforms and automation engineering supporting incident response orchestration and alert enrichment

• Demonstrated experience leading or coordinating incident response activities, including containment execution, stakeholder coordination, forensic triage, and post-incident lessons learned

• Proficiencyin SIEM query languages (e.g., SPL, KQL) and log analysis methodologies across various log sources

• Working knowledge of the MITRE ATT&CK frameworkand its application to detection engineering and threat actor simulation
  

Desired Qualifications: 

• Professional certifications in Cybersecurity, Digital Forensics, InformationAssuranceor related technical field (e.g.,CISSP, CCSP, Splunk Certified,GIAC)

• Proven experienceoperatingas an escalation path within a Security Operations or Incident Response function, including leading technical investigations over advanced threats, account compromise, malware intrusions, and cloud security incidents

• Experienceoperatingwithin hybrid SOC delivery models that include managed service providers or outsourced Tier 1 monitoring functions

• Deep engineeringexpertisewithin Splunk Enterprise Security, including detection-as-code pipelines, SIEM optimization, data onboarding, and search performance tuning

• Experience conducting proactive threat hunting operations

• Experience presenting incident findings and detection maturity metrics to security leadership, auditors, and other interested stakeholders

• Experience working within regulated environments such as Financial Services, Life Sciences / Pharmaceutical,and Healthcare

• While notrequired, having priorexperiencewith the Microsoftsecurity ecosystem isan added plus(e.g., Purview, Sentinel, Defender)