Cybersecurity Engineer

BBVA is a global company with more than 160 years of history that operates in more than 25 countries where we serve more than 80 million customers. We are more than 121,000 professionals working in multidisciplinary teams with profiles as diverse as financiers, legal experts, data scientists, developers, engineers and designers.

The Cybersecurity UK & CE team are responsible for the  implementation,  maintenance and improvement of the CIB Corporate Security programme in the UK and CE geographies. As part of the fast-growing CIB Engineering UK & CE Team, we work closely and cross-functionally with our colleagues to deliver exceptional value to the business.

About the job:

Key Responsibilities

Security Operations Support:

• Assist in the application and assurance of endpoint and infrastructure security controls.

• Coordinate with the CERT CIB for incident triage and escalation.

• Support local investigation activities and contribute to evidence gathering where required.

• Validate that monitoring and logging configurations meet corporate expectations.

• Contribute to the improvement of alerting, detection coverage, and control effectiveness.

Security Engineering & Architecture Alignment:

• Provide technical input during system changes and infrastructure projects to ensure alignment with global security standards.

• Support the rollout of security hardening measures and configuration baselines.

• Ensure new technologies adopted in the region meet required control requirements and risk expectations.

• Collaborate with Head Office engineering and architecture teams to address technical risks and propose improvements.
   

• Coordinate regional implementation of global security initiatives and tooling.

• Track progress, risks, dependencies, and follow-up actions across local and global teams.

• Work with IT and business stakeholders to ensure smooth adoption of new controls or processes.

• Produce clear communication on status, risks, and required actions.
   

Compliance, Governance & Reporting:

• Translate global security policies into practical requirements for local teams.

• Support audits by preparing technical evidence and verifying control implementation.

• Contribute data and insights to KPIs, KRIs, and regional reporting.

• Ensure documentation relating to controls and operational processes remains up to date.
   

Training & Awareness:

• Deliver targeted guidance to IT teams on secure configuration, monitoring expectations, and control usage.

• Support wider awareness initiatives in collaboration with Corporate Security.

What are we looking for?

• Approx. 5+ years in cybersecurity engineering, SecOps, infrastructure security, or related technical roles.

• Experience in enterprise or regulated environments is advantageous.
   

• Broad understanding of endpoint, infrastructure, and monitoring controls.

• Ability to interpret security telemetry and assess whether controls are functioning effectively.

• Familiarity with security hardening principles, detection logic, and log management.

• Exposure to cloud or hybrid environments is beneficial but not required — willingness to learn is essential.
   

• Strong coordination and stakeholder management abilities.

• Confidence engaging with technical teams, vendors, and senior stakeholders.

• Clear communication skills, translating technical risks into business-relevant actions.

• Proactive, organised, and comfortable driving follow-up activities.

• Analytical mindset and a willingness to learn new technologies.
   

• A degree in a STEM discipline.

• Relevant certifications (e.g., GIAC, CISSP, or equivalents) are beneficial but not mandatory.

• English proficiency required. Spanish capability is a plus.

Skills: