We’re Adevinta, a global leader in digital marketplaces. Our household name brands, including Marktplaats in the Netherlands, mobile.de in Germany and leboncoin in France, reach hundreds of millions of people every month.

We’re all about matchmaking, and our sites help people find whatever they’re looking for in their local communities – whether it’s a car, an apartment, a sofa or a new job. Every connection made or item found makes a difference by creating a world where people share more and waste less.

Our brands are supported by global Tech Hubs in Barcelona, Amsterdam, Paris and Berlin. Their goal is to develop common global products and innovation platforms which all of our brands can use. This means using cutting edge technology to create highly scalable, customisable and secure products and components that free up development time and leverage our access to global data.

What you’ll do ​& Who you are

As a Vulnerability Management Tech Lead, you will provide senior technical leadership for Adevinta’s Vulnerability Management Team (VulMa). You will define and evolve the technical architecture, drive complex integrations and automation at scale, and act as the primary technical reference for the most challenging vulnerabilities. You will combine hands-on engineering with strategic technical influence: architecting solutions, mentoring engineers, shaping technical standards and ensuring our Vulnerability Management System (VMS) is robust, observable and aligned with Adevinta’s security objectives.

What you will do:

• Define and evolve the technical vision and architecture for the VMS, translating product and security strategy into a coherent, scalable engineering roadmap.

• Design and deliver complex integration and automation patterns across the vulnerability ecosystem, including secure API designs, reusable service-account and credential patterns, resilient CI/CD pipelines, canonical data schemas and platform observability.

• Operate and improve the VMS end-to-end: maintain asset inventories, author and maintain automations for ingestion and remediation, coordinate validations and retests, tune detection and triage flows, and produce operational runbooks and SLAs that ensure reliability.

• Lead high-impact technical initiatives and remove technical roadblocks for the team.

• Plan, execute and evaluate internal penetration tests and red-team exercises — defining scope and success criteria, performing senior-level assessments to validate controls and detection/response, driving root-cause analysis into durable remediations with clear verification criteria, and mentoring engineers to improve testing and response.

• Act as the technical authority on complex vulnerability investigations, threat modelling, countermeasure validation and red-team exercises, providing senior-level analysis and remediation guidance.

• Mentor and coach engineers — raising technical standards through design reviews, code review feedback, shared libraries and platform patterns — while contributing significant hands-on code and automation.

• Own the technical approach to telemetry and detection engineering: define data contracts, ensure event quality, guide detection rule design and measure detection efficacy.

• Perform vendor and platform evaluations from a technical perspective: define evaluation criteria, run proof-of-concepts, validate operational fit and advise procurement with technical recommendations.

• Define the VMS measurement model and lead technical efforts that deliver high-quality dashboards and signals (coverage, time-at-risk, remediation MTTR, noise, detection quality) used by security leadership.

• Represent the technical voice of Vulnerability Management in cross-functional architecture reviews and be a pragmatic technical partner to Cloud Defense, Incident Response, Governance and product engineering teams.

• Work in a hybrid remote / on-site model in Barcelona and may be required to travel occasionally within the EU.

Who you are:

• A senior engineer with proven technical leadership in production security systems or closely related infrastructure services.

• An experienced systems thinker: you design resilient, observable and scalable architectures and can evaluate tradeoffs between reliability, cost and speed of delivery.

• Hands-on and fluent in implementing secure integration patterns, APIs, service-account architectures, CI/CD automation and production-grade orchestration; you write and review production code and automation confidently.

• Deeply versed in vulnerability management, detection engineering and incident response at scale: you understand scanning workflows, threat modelling, validation and remediation pipelines.

• Strong in cloud security and operations across public cloud environments and familiar with identity & access constructs, org-level guardrails and secure account architectures.

• Skilled at translating complex telemetry into detection logic and measurable detection KPIs.

• Experienced in partnership and influence: you can drive technical change across multiple teams, present complex technical tradeoffs clearly, and gain alignment without direct authority.

• A mentor who raises the bar for delivery quality through design reviews, documentation and reusable engineering patterns.

• Metrics-driven and comfortable owning technical success criteria, dashboards and SLAs for operational systems.

• Fluent in English (spoken and written).

• Comfortable in a multicultural environment.

6148523063484d364c79397a5a57

4e31636d6c306553316c59584e30

5a5849745a57646e4c6e4d7a4c57

56314c58646c633351744d533568

625746366232356864334d755932

39744c3256680a6333526c636c39

6c5a326375644746794c6d64360a

Nice to have:

• Practical experience in threat modelling and translating models into mitigations and testable countermeasures.

• Practical experience implementing Secure Development Lifecycle (SDL) practices and developer enablement.

• Practical incident-response experience (IR playbooks, tabletop exercises, coordinating investigations and post-incident remediations).

• Hands-on experience with supply-chain and dependency management (creating and consuming SBOMs, automated dependency scanning and remediation).

• Proven experience planning and evaluating internal penetration tests and red-team exercises.

• Active participation in security communities or recognised vulnerability work (bug-bounty programs, CTFs, open-source contributions, CVEs or Hall-of-Fame recognition).

• Relevant industry certifications or advanced formal training.

Context & opportunities

Adevinta is scaling during a company restructure and localisation under new ownership. The organisation is multinational and composed of multiple product companies and legal entities, with diverse technology stacks, varied security maturity levels and evolving priorities as localisation and scale progress.

At Adevinta, you will have the following opportunities:

• Multinational environment — chance to shape cross-regional practices and data contracts, and gain experience with cross-cultural and regulatory constraints.

• Multiple companies with different contexts — opportunity to design marketplace-aware ownership models and procurement-friendly approaches that work across varied business needs.

• Multiple technological stacks — scope to build canonical integration patterns and pragmatic adapters that enable interoperability across heterogeneous systems.

• Different maturity levels — room to deliver reusable components, runbooks and baseline metrics that accelerate teams at different stages of maturity.

• Changing environment — experience making pragmatic trade-offs, delivering resilient solutions and operating effectively amid shifting priorities.

• Future localisation and building at scale — opportunity to architect localisation-friendly, scalable automation and platforms that enable durable, enterprise-wide growth.

Benefits

Life at Adevinta comes with its perks! Our Adevintans enjoy the following benefits:

• An attractive Base Salary 💸

• Participation in our Short-Term Incentive plan (annual bonus) 🏆

• Work From Anywhere: Enjoy up to 20 days a year of working from anywhere! Maybe not from the moon🌛well why not! just make sure you have internet connection! 🌍

• A 24/7 Employee Assistance Program for you and your family, because we care ❤️‍

• Win together, lose together is one of our key behaviours. At Adevinta you will find a collaborative environment with an opportunity to explore your potential and grow 🌱

On top of these, we also provide a range of locally relevant benefits. Wanna know more? Apply and ask our recruiters! ✨

Adevinta is an equal opportunity employer and we value diversity. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status or disability status.

If you feel like you don’t meet all of the requirements for this role but are interested, please consider applying anyway. Research suggests that women and individuals from underrepresented groups may self-select out of opportunities if they don’t meet 100% of the job requirements. We strongly encourage people from historically excluded groups to apply and look forward to speaking with you.