Information Security Engineer
Bengaluru
Amadeus
Job Title
Information Security EngineerAs part of the Self-Service security team, you will be involved or directly accountable for the following activities:
- Technical Function
- Set up security cloud and on-premise infrastructure: AWS network rules, WAFs, security groups, IAM policies, etc.
- Set up/update/maintain security alerts using data available from Operational monitoring tools (e.g. SCADA, AgentPortal, PRTG, CloudWatch, RabbitMQ, Elastic, RealTimeHub etc)
- Implement and enhance security tooling+ automation including automatic alerting and integration to 3rd party tools customized to high tech products
- Company policies: Maintain company security policies
- Source Code Application Scan: Secure code reviews, proper scan tools followed as part of the CI/CD pipeline and tracking of identified issues
- Co-ordinate Penetration Testing: Help Raise and/or co-ordinate pen test per procedure for all product lines handling Personal information, credit cards or other sensitive customer/corporate data.
- Promote Security Culture/Awareness: Promote, advise and raise awareness on security issues to the team.
- Public Attack Surface protection: Help protect Amadeus from new and emerging threats
- Automate the daily manual tasks.
- Helping answer Questionnaires to support tenders and compliance requirements.
- Security Development Lifecycle (SDL)
- Identification of security requirements for various software products
- Manage Security backlog for various software products
- Setup and oversee ongoing Source Code and Binary Scans
- Keep compliance documentation up to date for annual audit and reporting
- Work with Amadeus CISO and BISO teams to complete Attestation of Compliance (AoC).
- Business Knowledge
- Respond to clients security requests in non-standard situations, investigating all the facts.
- Understand the key business drivers and applies this knowledge to own work.
- Respond to tenders for security related questionnaire
- Procedural Knowledge
- Ensure security deliverables meet the required Amadeus quality standards.
- Effectively apply required security procedures and methodologies.
- Knowledge sharing and upskilling of Amadeus staff in security issues
- Working with others
- Work cooperatively to achieve team goals making constructive suggestions to move things forward.
- Build stable and useful working relationships with others outside the immediate area of work.
- Skills Development
- Develop ability to solve complex problems.
- Demonstrate competence in own area, completing own role independently or with minimal supervision/ guidance.
- Continued development of technical capability.
Experience Required
- 8 years in Software Security as a security analyst/coordinator/engineer. In some or any of the following areas:
- Some initial security project coordination & planning experience - or involvement with such
- Passion and knowledge about application & infrastructure security
- Software developer security coaching and support for fixing found vulnerabilities in code as well as in the infrastructure architecture.
- Defensive secure development training delivery
- Secure Development Lifecycle (SDL, SSDLC, BSIMM, OWASP SAMM or other similar) knowledge/awareness & scan-ner/sectools deployment/take-up experience
- Security tool hands on experience (fortigate firewalls, fortify, qualys, protocode, sonarqube are a plus)
- Ability to work in a globally matrixed and complex organization
- 'Managing and setting up cloud-based software infrastructure
- Automation, modern logging, alerting and reporting systems.
- Good communication skills
Diversity & Inclusion
We are an Equal Opportunity Employer and seek to hire the best candidate regardless of age, beliefs, disability, ethnicity, gender or sexual orientation.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Automation AWS BSIMM CI/CD CISO Cloud Compliance Firewalls IAM Monitoring OWASP Pentesting Qualys RabbitMQ SAMM SCADA SonarQube Vulnerabilities
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs