Contribute to application security in Amadeus Travel Channels Technical Delivery Services (TDS) with a focus on providing support to developers implementing the secure development lifecycle and monitoring security compliance.
Security By Design
Drive security activities in APAC, ensuring that all development is done following the Secure Development Lifecycle. This typically involves risk assessments, facilitating threat modeling workshops, binary and source code scanning.
Monitor SDL Adoption
Raise Security Awareness
Raise security awareness by giving regular sessions on security topics and tailor them according to the specific needs of the development teams. Covering topics such as: The Amadeus Secure Development Lifecycle, OWASP Top 10, Secure Coding guidelines for specific languages and promoting privacy by design.
Ensure developers have the skills and knowledge required to develop applications securely and compliant with PCI-DSS
Gather evidence needed for PCI audits, communicate actions, deliverables and target dates to developers, IT Operations and QA.
Monitor the progress of evidence collection
Verify the quality of evidence and work with the team members to improve the quality if needed
Track vulnerabilities and ensure they are remediated inline with Amadeus corporate standards
Support developers and IT Operations to create and implement remediation actions
Monitor compliance of the Bespoke Services team to Amadeus Information Security Standards, PCI-DSS and GDPR
Review requests from third parties and other Amadeus departments to develop and deploy customization (SmartScripts)
Education: Bachelor‘s degree or 8 years relevant experience
Relevant work experience:
Have at least 5 years’ experience in either software development, application security or infrastructure security or a combination of any of the fore mentioned
Have experience in application security or be enthusiastic to invest time in learning how to improve security.
Basic experience on Secure development practices, vulnerabilities, threat modelling etc.
Great communication and team work, strong problem solving skill.
Business understanding: Knowledge of Amadeus LSS, Amazon Cloud (AWS), BlackDuck and Fortify would be and advantage but is not essential
- ● 資訊工程學類,其他資訊科學學類 相關科系