Job Title
Application Security Engineer (White Hat)** All CVs must be submitted in English**
About the area/department:Consulting and Bespoke Services (CBS) within Amadeus focuses on delivering tailored solutions to meet the unique needs of our customers. Our customers include travel agents, large online travel websites, and other travel-related businesses. We work closely with various departments to integrate and deploy customized solutions, ensuring seamless operations and enhanced customer satisfaction. The team is involved in the entire lifecycle of customer solutions, from initial consultation and design to implementation and ongoing support. In addition to our hub in Bogota, we also have hubs in APAC (Thailand, India, and Taipei) and Europe (Spain and France).
Summary of the Role:You will be responsible for ensuring the security of our software applications by identifying vulnerabilities and collaborating with software developers to mitigate them throughout the software development lifecycle. This role involves working closely with development and QA teams to conduct threat models, implement secure coding practices, monitor the treatment of scan findings, and provide guidance on addressing discovered vulnerabilities. Additionally, you will work with QA to ensure security functional test case coverage and gather evidence for PCI audits.
In this role you’ll:Facilitate threat modeling sessions with developers, QA, and functional experts to identify potential issues in new solutions being planned.Monitor findings detected by source code and binary scanning tools and work with developers to ensure they are addressed during the development process.Manage the treatment of vulnerabilities detected in existing applications by calculating the environmental CVSS scores, suggesting remediation strategies, and following the progress of the vulnerability until closure.Work with development teams, QA, and Platform Operation teams to collect evidence for annual PCI audits and ensure that any new applications developed are compliant with PCI-DSS.About the ideal candidate:The ideal candidate would be highly detail-oriented and possesses a deep understanding of the software development lifecycle and secure coding practices, particularly with .NET and Docker/Kubernetes. They should have the ability to analyze vulnerabilities, suggest remediation strategies, and clearly communicate these strategies to developers, working with them to ensure the closure of vulnerabilities.
Effective problem-solving, communication, and analytical skills are essential, as well as the ability to work collaboratively with cross-functional teams in both English and Spanish. Additionally, the ideal candidate should be knowledgeable about PCI-DSS compliance and capable of working with various teams to collect evidence for annual PCI audits.
Technical Competencies:
Fortify, Security Center, and BlackDuck: Proficiency in using these security tools to identify and manage vulnerabilities in software applications..NET Development: Understanding and experience in developing secure applications using the .NET framework.Kubernetes/Docker: Knowledge of containerization and orchestration technologies to ensure secure deployment and management of applications.CVSS Vulnerability: Ability to calculate and interpret Common Vulnerability Scoring System (CVSS) scores to assess the severity of vulnerabilities.Threat Modeling: Expertise in conducting threat modeling sessions to identify potential security issues in new and existing applications.What we can offer you:Get rewarded with competitive remuneration, individual and company annual bonus, vacation and holiday paid time off, health insurances and other competitive benefits.
Work hybrid at our Bogota office.
Professional development to broaden your knowledge and enhance your skills with on-line learning hubs packed with technical and soft skills training that allow you to develop and grow.
Enter a diverse and inclusive workplace, join one of the world’s top travel technology companies and take on a role that impacts millions of travelers around the globe.
Application process:The application process takes no longer than 10 minutes!
Create your candidate profile, upload your Resume/CV and apply today!
🎯 A critical mission and purpose - At Amadeus, you will be powering the future of travel and pursuing a critical mission and extraordinary purpose.
🌎 A truly global DNA - Everything at Amadeus is global, from our people to our business, which translates into our footprint, processes, and culture.
🎓 Great opportunities to learn - Learning happens all the time and in many ways at Amadeus, through on-the-job training, formal learning activities, and day-to-day interactions with colleagues.
🤗 A caring environment - Amadeus fosters a caring environment, nurturing both a fulfilling career and personal and family life. We care about our employees and strive to provide a supportive work environment.
💰 A complete rewards offer - Amadeus provides attractive remuneration packages, covering all essential components of a competitive reward offer, including salary, bonus, equity, and benefits.
🌈 A diverse and inclusive community - We are committed to leveraging our uniquely diverse population to drive innovation, creativity, and collaboration across our organization.
📈 A Reliable Company - Trust and reliability are fundamental values that drive our actions and shape long-lasting relationships with our customers, partners, and employees.
#LI-AM2024
Diversity & Inclusion
Amadeus aspires to be a leader in Diversity, Equity and Inclusion in the tech industry, enabling every employee to reach their full potential by fostering a culture of belonging and fair treatment, attracting the best talent from all backgrounds, and as a role model for an inclusive employee experience.
Amadeus is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to gender, race, ethnicity, sexual orientation, age, beliefs, disability or any other characteristics protected by law.