Exposure Management Technical Expert - Penetration Testing Focus | Madrid

Role description We are looking for the very Top Talent…and we would be delighted if you were to join our team!

More in details, UST is a multinational company based in North America, certified as a Top Employer company with over 35.000 employees all over the world and presence in more than 30 countries. We are leaders on digital technology services, and we provide large-scale technologic solutions to big companies.

What are we looking for?

We’re looking for an Exposure Management Technical Expert. You will join a strategic project with a global client in the wealth management sector

As an Exposure Management Technical Expert within our Security Compliance Competence Centre (SCCC) in Madrid, you will play a key hands-on role in strengthening our proactive security testing program.

Acting as an internal penetration testing specialist, you will:

• Validate external security findings
• Ensure technical quality and reproducibility of deliverables
• Support the scoping and execution of penetration testing engagements

You will collaborate closely with Exposure Managers, application and technology teams, and external vendors to ensure consistent and high-quality testing practices across the organization.

Key Responsibilities

Penetration Testing \& Validation

• Reproduce and validate vulnerabilities and their remediation using tools such as Burp Suite and Nmap
• Apply manual and automated techniques across web applications, APIs, and infrastructure

Technical Quality Assurance

• Review penetration testing reports to ensure:
• • Accuracy
  • Completeness
  • Clarity
  • Reproducibility of findings

Scoping \& Advisory

• Support risk-based scoping of penetration testing engagements
• Act as a technical advisor on:
• • Security testing methodologies
  • Findings interpretation
  • Remediation strategies

Security Standards \& Best Practices

• Ensure alignment with:
• • OWASP Testing Guide
  • OWASP Top 10
  • Internal security standards

False Positive \& Risk Management

• Analyze reported vulnerabilities and identify false positives
• Ensure correct classification and prioritization

Remediation \& Hardening

• Provide technical guidance to development and infrastructure teams
• Collaborate with architects on secure and resilient baseline configurations

Collaboration \& Knowledge Sharing

• Work closely with Exposure Managers and global technical teams
• Share insights, patterns, and lessons learned to improve internal practices
• Support consistent execution across all penetration testing activities

Your Profile

Required Qualifications

• Bachelor’s degree in Computer Science, Information Security, or equivalent experience
• 3–5 years of hands-on experience in:
• • Penetration testing
  • Application security
  • Vulnerability assessment
• Strong experience with web application security testing tools (e.g., Burp Suite)
• Solid understanding of:
• • OWASP Top 10 vulnerabilities
  • Exploitation techniques
• Ability to:
• • Read, understand, and reproduce penetration testing findings
  • Communicate technical topics to non-technical stakeholders
• Knowledge of:
• • HTTP/S protocols
  • Authentication mechanisms
  • Modern web architectures (APIs, microservices)
• Strong analytical and problem-solving skills
• Professional proficiency in English and Spanish
• Eligibility to work in Spain

Nice to Have

• Certifications such as:
• • OSCP, eWPT, CEH, GWAPT, Burp Suite Certified Practitioner
• Experience:
• • Reviewing third-party security reports
  • Working with external testing vendors
  • Infrastructure/network penetration testing
  • Secure code review or secure development practices
• Programming/scripting skills (e.g., Python, JavaScript)
• Experience in financial services or regulated environments
• Familiarity with DevSecOps or CI/CD security integration
• German language skills

Location: Hybrid. Madrid city center (Sol area). 3 days a week in the office.

What can we offer?

• 23 days of Annual Leave plus the 24th and 31st of December as discretionary days!
• Numerous benefits (Health Care Plan, teleworking compensation, Life and Accident Insurances).
• `Retribución Flexible´ Program: (Meals, Kinder Garden, Transport, online English lessons, Health Care Plan…)
• Free access to several training platforms
• Professional stability and career plans
• UST also, compensates referrals from which you could benefit when you refer professionals.
• The option to pick between 12 or 14 payments along the year.
• Real Work Life Balance measures (flexibility, WFH or remote work policy, compacted hours during summertime…)
• UST Club Platform discounts and gym Access discounts

If you would like to know more, don’t hesitate to apply and we’ll get in touch to fill you in detail. We are waiting for you!

In UST we are committed to equal opportunities in our selection processes and do not discriminate based on race, gender, disability, age, religion, sexual orientation or nationality. We have a special commitment to Disability \& Inclusion, so we are interested in hiring people with disability certificate.

Skills

penetration testing,penetration testing reports,exposure management,application security testing,

About UST

UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.