Posted16th Sep, 2020
Employment typeRegular - Full Time
Travelport is the only true travel commerce platform in the world. We are specialist solution providers and are committed to building leading technology that makes the experience of buying and managing travel continually better for the global travel and tourism industry. Come and be part of our mission to make sure that every trip is powered by Travelport…
Are you looking for a role where you can get plugged in and prosper in a varied environment? Do you feel passionate about providing multiple executive support? If so, then we could be the place for you.
As a Sr Cyber Security Engineer at Travelport, you can thrive in the exciting world of Travel Tech.
- Analyze, consult, and champion the secure design and implementation of new and existing Travelport products and applications;
- Support secure coding efforts in coordination with development teams involving continuous integration, manual code reviews, automated code scans using security analysis tools to identify vulnerabilities in source code, prioritize those vulnerabilities, propose solutions, and then coordinating remediation with development team;
- Perform on-going security testing and code review and coordinate remediation efforts with development teams;
- Conduct hands-on security testing, analyze test results, document risks, and recommend mitigating controls;
- Perform in the role of subject matter expert on security projects and processes (i.e., data protection, identity management, vulnerability management, etc.);
- Contribute to the development and maintenance of information security strategy, policies and procedures;
- Support development and operation of information security processes and procedures;
- Perform security design review, threat modeling and architectural/system security assessments to ensure that solutions are being designed with a minimal degree of technical risk;
- Drive and manage information security projects, including use case and requirement development, technology evaluations, technology recommendations, and product implementation / support
- Participate in the Incident Response process;
- May be called upon to act in the role of a security architect on an application or infrastructure project;
- Provide support in the enforcement of Cyber Security Policies;
- Interface with IT Risk Management, Audit, and the Privacy Office at Travelport to coordinate related policy and procedures, and to provide for the appropriate flow of information regarding risk treatment at Travelport;
- Liaison with business units within Travelport T to manage IT compliance with National and International laws and regulations, as well as contractually enforced industry standards.
EDUCATION & EXPERIENCE/SPECIAL SKILLS/TECHNOLOGIES/TOOLS REQUIREMENTS
- Bachelor’s degree Computer Science, Management Information Systems, Information Security or related field plus 5 years of experience years in Software Security, Information Security Governance, Privacy and Regulatory Compliance, or Cyber Security.
- 3+ years of experience with software development lifecycle and the software development techniques
- 3+ years of experience with PCI compliance and remediation, data protection and risk assessments
- Considerable expertise with application/software security procedures, performing software or application assessments, and assisting development teams with software vulnerability remediation
- Considerable experience with obtaining and reviewing all required artifacts as part of go/no go analysis at security checkpoints
- Must possess in-depth, hands-on experience with two or more of the following: Java, C, C++, C#, ASP.Net, Swift, Objective C, Kotlin, Groovy
- Considerable knowledge and experience with both dynamic testing and static code analysis tools such as Whitehat, Fortify, WebInspect, Checkmarx, Veracode, etc.
- Proficient knowledge and experience with open-source software platforms, open source development tools, open source composition analysis tools
- Experience with the PCI Data Security Standard with a concentration on web application security testing methods and controls
- Experience with offensive security analysis tools and tactics
- Must be proficient with cloud platforms and microservices architecture
- Must be proficient with network and security controls including firewalls, WAFs, IDS/IPS, VPN, DLP and SIEM
- Ability to discover anomalies, trends, and potential threats within software and, specifically, with experience of performing software security audits
- Must be proficient with operating system security controls to design and conduct penetration testing against Windows, Linux, Unix and OSX platforms
- Must have thorough understanding of vulnerability detection / management, risk assessment and incident response processes;
- Must possess excellent verbal and written communication decision-making, interpersonal and analytical skills
- Ability to manage multiple projects and tasks simultaneously
- Must demonstrate the ability to work effectively in a technical environment and be a positive member of a collaborative team
- CISSP or equivalent certification
- Application or software security certifications are preferred, such as CSSLP, GIAC GWEB, GWAPT, GSSP-Java, GSSP-.NET etc.
- Travel industry experience preferred