Sr Specialist – Information Security

Job Title SR SPECIALIST - INFORMATION SECURITY Responsibility Key Result Areas Represent CISO organization and in particular the Application Security Office in Bangalore relaying important security objectives requirements and information to R D in BLR Should be from core application software development or DevSecOps background and should have extensive development designing DevSecOps skill Should be leading the one or more development implementation initiatives for Application Security Office As DevSecOps Secure SDL Senior Specialist Lead build implementation and deployment of the Secure Development Lifecycle activities in CI CD pipeline Assist in security assessments of new architecture and technology Will have hands on experience in Secure SDLC including DevSecOps Threat Modelling Web Application Scan Static Binary Scan Vulnerability assessment and triaging and Security Testing Should provide expertise and consultancy on SCM like GitHub BitBucket Jenkins etc and security tools like Burpsuite Qualys WebApp Scan Blackduck Prisma scanner Fortify SSC sonarcube Checkmarx and other static dynamic analysis tools Should have exposure or ability to learn application security concepts not limited to CIA triad OWASP Top 10 Vulnerabilities OAuth SAML JWT Cryptography and other advanced security concepts Perform or assist in performing security assessments for new architectures and technologies providing expert guidance on potential security risks Analyse support and validate Security requirements with the purpose of continuously improving our services Support and help in conducting regularly MOCK PCI-DSS GDPR compliance audits and provide consultancy as required in order to maintain certifications compliance certificates and adherence to standards and compliancy requirements Ensure Compliance loopback channel to the organization with excellent coordination and communication between stakeholders within the organization Play the role of Security Product Owner Scrum Master Facilitator for App Security Agile Scrum Kanban Team Interface with the rest of the organization with the purpose to collect areas of improvement and transform enrich them in a way meaningful to the expected providers Understand the environment in sufficient details to solicit suggest validate and prioritize innovative ideas and or requirements that will improve the Security services provided by the organization Ensure project deliverables are delivered to the quality and schedule committed as per project management plan Ensure accurate and effective communication and reporting of key security indicators KSI to all relevant stakeholders Help animating R D community of Security Whitehats and build internal security expertise Assist in creating a security culture and provide input to HR Training for security trainings Provide formalised but pragmatic security standards guidelines and recommendations in collaboration with other security offices Raise alerts and find solutions communicate and report to internal and external stakeholders Competencies The right candidate will have total 9 to 12 years of experience in software development design development coding and engineering practices along with extensive experience in DevSecOps and product secure development lifecycle Secure SDL and methodologies implementation governance Good knowledge of infrastructure as code end-to-end fully-automated CI CD pipelines from code commits to production and security of repositories like GitHub BitBucket etc pipelines build release tools like Jenkins GitHub actions etc and methodologies in CI CD pipelines Proficiency in scripting including Python Groovy Helm shell scripts Perl etc to support the automation and continuous improvement of processes Hands on experience in DevSecOps Secure SDLC including Threat Modeling Vulnerability assessment Security Testing Security Scans and Security compliance like PCI-DSS GDPR ISO Exposure on Webservices SOAP REST security assessment will be a definite plus Experience in full DevSecOps CI CD pipeline Agile methodology container security APIs and microservices Knowledge of OWASP Top10 SANS Top25 CWE and CVE Mitre along with hands-on practical experience in development testing for vulnerabilities and implementing remediation Should have good exposure in Burpsuite Qualys WebApp Scan Blackduck Prisma scanner Fortify SSC and other static dynamic analysis tool Good understanding on all security areas like CIA Triad Authentication Authorization Session Management Cryptography Data Validation Error Handling Confidentiality Integrity Availability Authentication Authorization Auditing Logging etc Should have good experience in other areas of Secure SDLC Investigate potential attacks assess exploitability and risk exposure and propose mitigation Security certifications such as CEH CDP CDE CSSLP CISSP CCSP etc are a plus Soft Skills Multi-cultural approach and ability to interface with all levels of the organization Strong analytical conceptual and problem solving skills Accountability and reliability personal involvement Pro-activity initiative and autonomy Independent work ethic Diversity Inclusion Amadeus aspires to be a leader in Diversity Equity and Inclusion in the tech industry enabling every employee to reach their full potential by fostering a culture of belonging and fair treatment attracting the best talent from all backgrounds and as a role model for an inclusive employee experience Amadeus is an equal opportunity employer All qualified applicants will receive consideration for employment without regard to gender race ethnicity sexual orientation age beliefs disability or any other characteristics protected by law