Auto req ID: 6680BR
Employee type: Regular - Full Time
Travelport is the only true travel commerce platform in the world. We are specialist solution providers and are committed to building leading technology that makes the experience of buying and managing travel continually better for the global travel and tourism industry. Come and be part of our mission to make sure that every trip is powered by Travelport…
Are you looking for a role where you can get plugged in and prosper in a varied environment? Do you feel passionate about providing multiple executive support? If so, then we could be the place for you.
As a Sr Application Security Engineer at Travelport, you can thrive in the exciting world of Travel Tech.
Detailed job duties:
- Analyze, consult, and champion the secure design and implementation of new and existing Travelport products and applications;
- Support secure coding efforts in coordination with development teams involving continuous integration, automated code scans using security analysis tools to identify vulnerabilities in source code, prioritize those vulnerabilities, propose solutions, and then coordinating remediation with development team;
- Perform on-going security testing and code review and coordinate remediation efforts with development teams;
- Conduct hands-on security testing, analyze test results, document risks, and recommend mitigating controls;
- Perform in the role of subject matter expert on security projects and processes (i.e., data protection, identity management, vulnerability management, etc.);
- Creation and operation of information security processes and procedures;
- Drive and manage information security projects, including use case and requirement development, technology evaluations, technology recommendations, and product implementation / support
- Participate in the Incident Response process;
- May be called upon to act in the role of a security architect on an application or infrastructure project;
- Development and enforcement of Cyber Security Policy;
- Interface with IT Risk Management, Audit, and the Privacy Office at Travelport to coordinate related policy and procedures, and to provide for the appropriate flow of information regarding risk treatment at Travelport; and
- Liaison with business units with Travelport to manage IT compliance with National and International laws and regulations, as well as contractually enforced industry standards.
Education & experience/special skills/technologies/tools requirements
- Bachelor’s degree Computer Science, Management Information Systems, Information Security or related field plus 5 years of experience years in Information Security Governance, Privacy and Regulatory Compliance, or Cyber Security.
- 3+ years of experience with software development lifecycle and the software development techniques
- 3+ years of experience with PCI compliance and remediation, data protection and risk assessments
- Considerable experience with application/software security procedures, performing software/application assessments, and assisting development teams with software vulnerability remediation.
- Must possess in-depth, hands-on experience with one of the following: Java, C, C++, C#, ASP.Net, Swift, Objective C, Kotlin
- Considerable knowledge and experience with both dynamic testing and static code analysis tools such as Whitehat, Fortify, WebInspect, Checkmarx, Veracode, etc.
- Proficient knowledge and experience with open-source software platforms, open source development tools, open source composition analysis tools
- Must be proficient with cloud platforms and microservices architecture
- Must be proficient with network and security controls including firewalls, WAFs, IDS/IPS, VPN, DLP and SIEM
- Ability to discover anomalies, trends, and potential threats within software and, specifically, with experience of performing software security audits
- Must be proficient with operating system security controls to design and conduct penetration testing against Windows, Linux, Unix and OSX platforms
- Must have thorough understanding of vulnerability detection / management, risk assessment and incident response processes;
- Must possess good verbal and written communication decision-making, interpersonal and analytical skills; and
- Must demonstrate the ability to work effectively in a technical environment and be a positive member of a collaborative team.
- CISSP or equivalent certification
- Application or software security certifications are preferred, such as CSSLP, GIAC GWEB, GWAPT, GSSP-Java, GSSP-.NET, etc.
What’s in it for you?
You will receive a competitive salary & benefits package accompanied with the opportunity to work in a fast-paced, dynamic and progressive organisation that cares about its people and promotes innovation.
We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.