Share this Job




We drive the transformation of the financial markets. That’s why we invest in bright minds, in their ideas, knowledge and development. We do that by combining our best sides.


If you would like to find out why stability makes us so agile, why experience makes us so curious and why empathy makes us so impactful, apply now for the position of



 Senior Offensive Security Expert

Madrid | 100 % | Reference 3303


BME is the infrastructure of all the securities markets and financial systems in Spain and is owned by SIX.

BME is the infrastructure of all the securities markets and financial systems in Spain and is owned by SIX. Our Security Controls Team takes care of penetration tests conducted within SIX & BME. Beside this, we are responsible to prepare and run dedicated red and purple team exercises and lead the bug bounty program. We coordinate remediation actions and support the Information Security Officers to test and assess deep technical matters. Our team is part of the risk organization. As such its core mission is to provide information, awareness, guidance and assistance to reduce the risks. Besides that we are helping to enhance our regulations.



What You Will Do

  • actively managing our approach for red, blue and purple team testing, taking care of penetration tests within SIX & BME worldwide
  • participate in and setting up purple teaming exercises with our Security Operations Center (SOC) and CSIRT Organization and tracking the implementation of the resulting mitigation strategy
  • challenge concepts for security monitoring use cases, set priorities, monitor the coverage, effectiveness and help to mature the use cases along with cyber security frameworks (MITRE ATT&CK / NIST)
  • assess the maturity of our application- and infrastructure-security and our security incident response processes and the security coverage in general (incl. tooling)
  • guide and sharpen the security processes based on outcomes during test experience and perform analyses and ad-hoc technical deep dive assessments
  • use your security knowledge to provide security consultancy and advice to other teams as part of your duties

What You Bring

  • enthusiasm & passion for Offensive Information Security (e.g. on GitHub, Blogs, Twitter, presentations, conference talks, etc.)
  • extensive knowledge in working with and adapting penetration testing software
  • focused on delivering results and a solution-oriented way of working, an open-minded personality, confident communicator and good presentation skills
  • several years of experience as a Penetration Tester or Red Teamer (ideally with certifications such as OSCE, OSCP or similar)
  • excellent written and verbal communication skills in English

If you have any questions, please call German Lopez Arranz at +34 91 709 5771.


For this vacancy we only accept direct applications in English.


Diversity is important to us. Therefore, we are looking to receiving applications regardless of any personal background. 

What We Offer

Flexible Work Models
We trust our employees and offer a work environment that is well-balanced, productive and fosters success. 

Personal Development
You will benefit from a culture of continuous learning and feedback. Your personal growth is supported through an extensive learning offering.

Agile Working Methods 
Whether through scrum or design thinking,
we solve exciting tasks together in teams.