At
Principal33
we strive to make happiness at work a reality. Because it's not just about the money, it's also about the work environment and appreciation. It's about creating the best team setup you can imagine and getting involved in the things you're passionate about. And you can be a part of it, because it's fun to get things done
We want our employees to innovate and we allow them to do what they are truly passionate about. Based on this conviction, Principal33 aligns its strategy around its vision: to become a leading IT service company and a better working-life balance. With currently over 200 employees from different countries, we are actively shaping the future of work.
Key Responsibilities:
Technical Leadership & Architecture
* Act as the senior technical authority for server security across Windows and Linux platforms
* Define and maintain secure server architecture standards and patterns
* Lead the design and implementation of secure, scalable server solutions
* Provide expert guidance on security risks, mitigations, and architectural trade-offs
* Review and approve technical designs from junior engineers and project teams
Server Security & Hardening
* Design, build, and maintain hardened server environments aligned to CIS, NIST, and ISO 27001 standards
* Ensure secure configuration of operating systems, middleware, and core infrastructure services
* Lead implementation of privileged access management (PAM) and secure service account practices
* Own and continuously improve server security baselines
Vulnerability & Patch Management
* Own the server vulnerability management lifecycle, from discovery to remediation
* Lead prioritisation and remediation of critical and high-risk vulnerabilities
* Define patching strategies, maintenance windows, and exception processes
* Work with Security Operations and Risk teams to manage residual risk and risk acceptance
Identity, Access & Authentication
* Lead secure integration with identity platforms (e.g. Active Directory, Azure AD, LDAP)
* Design and enforce least-privilege access and role-based access controls
* Implement advanced authentication methods including MFA, certificates, and conditional access
* Review and improve access governance processes
Monitoring, Incident Response & Threat Mitigation
* Design and maintain server security monitoring, logging, and alerting strategies
* Integrate server platforms with SIEM and SOC tooling
* Act as a senior escalation point during security incidents
* Lead root cause analysis and post-incident improvement actions
Cloud & Hybrid Security
* Secure server workloads across cloud platforms (Azure, AWS) and hybrid environments
* Define security controls for virtual machines, containers, and infrastructure services
* Champion infrastructure-as-code and automation with security embedded by default
* Work with Cloud and Architecture teams on Zero Trust and modern security models
Governance, Compliance & Continuous Improvement
* Support audits and regulatory requirements (e.g. ISO 27001, SOC 2, GDPR)
* Produce and maintain security standards, technical documentation, and runbooks
* Identify opportunities to improve tooling, automation, and operational efficiency
* Contribute to security roadmaps and strategic initiatives
Mentoring & Collaboration
* Mentor and support junior and mid-level engineers
* Promote security best practices across infrastructure and engineering teams
* Communicate complex technical risks clearly to non-technical stakeholders
Requirements:
Must-Have Qualifications
* Extensive experience securing enterprise Windows and Linux server environments
* Strong expertise in server hardening, vulnerability management, and patching
* Deep knowledge of Active Directory, identity integration, and access controls
* Experience leading complex technical initiatives and resolving high-severity incidents
* Strong understanding of enterprise security frameworks and best practices
* Proven ability to influence, mentor, and lead technically
Desirable
* Strong experience with Azure and/or AWS server security
* Automation and scripting skills (PowerShell, Bash, Terraform, ARM, etc.)
* Experience with SIEM, EDR, and endpoint/server protection platforms
* Knowledge of Zero Trust architectures and cloud-native security controls
* Experience securing containerised workloads (Docker, Kubernetes)
Qualifications & Certifications (Desirable)
* Microsoft, Linux, or Cloud certifications (e.g. AZ-104, AZ-500, RHCE)
* Security certifications such as CISSP, Security+, GIAC
* ITIL or similar service management qualifications
Personal Attributes
* Strong security mindset with excellent attention to detail
* Confident decision-maker and technical leader
* Calm and effective under pressure, particularly during incidents
* Clear communicator with the ability to influence senior stakeholders
* Proactive, adaptable, and committed to continuous improvement
What we offer
Benefits
* Fulltime employment or contractor based
* Day off on your birthday
* Referral bonus if you bring your contacts
* Gifts for special occasions
* 1 free week per year at our company apartment in sunny Valencia, Spain
* International and multicultural environment
(Self)-Development
Continuous training, we will help you improve your technical skills, evolve in the tech community and develop as a professional.
We are an active part of the tech-community. You may have the opportunity to attend and participate in local and international tech-events.
Wanna join?