Information Security Engineer

Job Title

As part of the Self-Service security team, you will be involved or directly accountable for the following activities:

- Technical Function

• Set up security cloud and on-premise infrastructure: AWS network rules, WAFs, security groups, IAM policies, etc.                     
• Set up/update/maintain security alerts using data available from Operational monitoring tools (e.g. SCADA, AgentPortal, PRTG, CloudWatch, RabbitMQ, Elastic, RealTimeHub etc)                                                                                                                
• Implement and enhance security tooling+ automation including automatic alerting and integration to 3rd party tools customized to high tech products
• Company policies: Maintain company security policies
• Source Code Application Scan: Secure code reviews, proper scan tools followed as part of the CI/CD pipeline and tracking of identified issues
• Co-ordinate Penetration Testing: Help Raise and/or co-ordinate pen test per procedure for all product lines handling Personal information, credit cards or other sensitive customer/corporate data.
• Promote Security Culture/Awareness: Promote, advise and raise awareness on security issues to the team.
• Public Attack Surface protection: Help protect Amadeus from new and emerging threats
• Automate the daily manual tasks.
• Helping answer Questionnaires to support tenders and compliance requirements.

- Security Development Lifecycle (SDL)

• Identification of security requirements for various software products
• Manage Security backlog for various software products
• Setup and oversee ongoing Source Code and Binary Scans
• Keep compliance documentation up to date for annual audit and reporting
• Work with Amadeus CISO and BISO teams to complete Attestation of Compliance (AoC).

- Business Knowledge

• Respond to clients security requests in non-standard situations, investigating all the facts.
• Understand the key business drivers and applies this knowledge to own work.
• Respond to tenders for security related questionnaire

- Procedural Knowledge

• Ensure security deliverables meet the required Amadeus quality standards.
• Effectively apply required security procedures and methodologies.
• Knowledge sharing and upskilling of Amadeus staff in security issues

- Working with others

• Work cooperatively to achieve team goals making constructive suggestions to move things forward.
• Build stable and useful working relationships with others outside the immediate area of work.

- Skills Development

• Develop ability to solve complex problems.
• Demonstrate competence in own area, completing own role independently or with minimal supervision/ guidance.
• Continued development of technical capability. 

Experience Required

• 8 years in Software Security as a security analyst/coordinator/engineer. In some or any of the following areas: 
• Some initial security project coordination & planning experience - or involvement with such
• Passion and knowledge about application & infrastructure security
• Software developer security coaching and support for fixing found vulnerabilities in code as well as in the infrastructure  architecture.
• Defensive secure development training delivery
• Secure Development Lifecycle (SDL, SSDLC, BSIMM, OWASP SAMM or other similar) knowledge/awareness & scan-ner/sectools deployment/take-up experience
• Security tool hands on experience (fortigate firewalls, fortify, qualys, protocode, sonarqube are a plus)
• Ability to work in a globally matrixed and complex organization
• 'Managing and setting up cloud-based software infrastructure
• Automation, modern logging, alerting and reporting systems.
• Good communication skills

Diversity & Inclusion

We are an Equal Opportunity Employer and seek to hire the best candidate regardless of age, beliefs, disability, ethnicity, gender or sexual orientation.