Sr Specialist – Information Security

Bangalore, India

Amadeus

Discover how Amadeus' platform and technology help airlines, travel agencies, hotels and others connect, do business, and deliver better travel experiences.


Job Title

SR SPECIALIST – INFORMATION SECURITY

Responsibility & Key Result Areas:

  • Represent the CISO organization, and in particular the Application Security Office, in Bangalore, relaying important security objectives, requirements, and information to R&D in BLR.
  • Should come from a core application software development or DevSecOps background and have extensive development, design and DevSecOps skills. Should lead one or more development / implementation initiatives for the Application Security Office.
  • As DevSecOps & Secure SDL Senior Specialist, lead the build, implementation and deployment of Secure Development Lifecycle activities in the CI/CD pipeline, and assist in security assessments of new architecture and technology.
  • Will have hands-on experience in Secure SDLC, including DevSecOps, Threat Modelling, Web Application Scan, Static & Binary Scan, vulnerability assessment and triage, and Security Testing.
  • Should provide expertise and consultancy on SCM like GitHub, Bitbucket, Jenkins etc. and security tools like Burp Suite, Qualys WebApp Scan, Black Duck, Prisma scanner, Fortify SSC, SonarQube, Checkmarx and other static/dynamic analysis tools.
  • Should have exposure to, or the ability to learn, application security concepts including but not limited to the CIA triad, OWASP Top 10 vulnerabilities, OAuth, SAML, JWT, cryptography and other advanced security concepts.
  • Perform or assist in performing security assessments for new architectures and technologies, providing expert guidance on potential security risks.
  • Analyse, support and validate Security requirements with the purpose of continuously improving our services.
  • Support and help in regularly conducting mock PCI-DSS & GDPR compliance audits, and provide consultancy as required in order to maintain certifications and compliance certificates and to adhere to standards and compliance requirements.
  • Ensure Compliance loopback channel to the organization with excellent coordination and communication between stakeholders within the organization.
  • Play the role of Security Product Owner/Scrum Master/Facilitator for App Security Agile Scrum / Kanban Team.
  • Interface with the rest of the organization with the purpose to collect areas of improvement and transform/enrich them in a way meaningful to the expected providers.
  • Understand the environment in sufficient details to solicit, suggest, validate and prioritize innovative ideas and/or requirements that will improve the Security services provided by the organization.
  • Ensure project deliverables are delivered to the quality and schedule committed as per project management plan.
  • Ensure accurate and effective communication and reporting of key security indicators (KSI) to all relevant stakeholders.
  • Help animate the R&D community of Security Whitehats and build internal security expertise. Assist in creating a security culture and provide input to HR Training for security trainings.
  • Provide formalised but pragmatic security standards, guidelines and recommendations, in collaboration with other security offices.
  • Raise alerts and find solutions; communicate and report to internal and external stakeholders.


Competencies:

  • The right candidate will have a total of 9 to 12 years of experience in software design & development/coding and engineering practices, along with extensive experience in DevSecOps and in product secure development lifecycle (Secure SDL) and methodologies implementation & governance.
  • Good knowledge of infrastructure as code; end-to-end, fully automated CI/CD pipelines from code commit to production; and the security of repositories (like GitHub, Bitbucket etc.), pipelines, build/release tools (like Jenkins, GitHub Actions etc.) and methodologies in CI/CD pipelines.
  • Proficiency in scripting, including Python, Groovy, Helm, shell scripts, Perl etc., to support the automation and continuous improvement of processes.
  • Hands-on experience in DevSecOps and Secure SDLC, including Threat Modeling, Vulnerability assessment, Security Testing, Security Scans and Security compliance like PCI-DSS/GDPR/ISO. Exposure to web services (SOAP/REST) security assessment will be a definite plus.
  • Experience in full DevSecOps CI/CD pipeline, Agile methodology, container security, APIs, and microservices.
  • Knowledge of OWASP Top10, SANS Top25, CWE and CVE / Mitre, along with hands-on practical experience in development & testing for vulnerabilities and implementing remediation.
  • Should have good exposure to Burp Suite, Qualys WebApp Scan, Black Duck, Prisma scanner, Fortify SSC and other static/dynamic analysis tools.
  • Good understanding of all security areas like CIA Triad, Authentication, Authorization, Session Management, Cryptography, Data Validation, Error Handling, Confidentiality / Integrity / Availability / Authentication / Authorization / Auditing / Logging, etc.
  • Should have good experience in other areas of Secure SDLC
  • Investigate (potential) attacks, assess exploitability and risk exposure, and propose mitigation.
  • Security certifications such as CEH, CDP, CDE, CSSLP, CISSP, CCSP etc. are a plus.

Soft Skills:

  • Multi-cultural approach, and ability to interface with all levels of the organization
  • Strong analytical, conceptual and problem solving skills
  • Accountability and reliability, personal involvement
  • Pro-activity, initiative, and autonomy
  • Independent work ethic

Diversity & Inclusion

Amadeus aspires to be a leader in Diversity, Equity and Inclusion in the tech industry, enabling every employee to reach their full potential by fostering a culture of belonging and fair treatment, attracting the best talent from all backgrounds, and as a role model for an inclusive employee experience.  

Amadeus is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to gender, race, ethnicity, sexual orientation, age, beliefs, disability or any other characteristics protected by law.  


Tags: Agile APIs Application security Audits Automation Bitbucket Burp Suite CCSP CEH Checkmarx CIA CI/CD CISO CISSP Compliance Cryptography CSSLP DevSecOps GDPR GitHub Governance Helm Jenkins Kanban Microservices OWASP Perl Python Qualys R&D SAML SANS Scripting Scrum SDLC Security assessment Vulnerabilities

Perks/benefits: Equity / stock options

Region: Asia/Pacific
Country: India
