DescriptionYou will be a key figure in ensuring our software applications are designed and implemented to the highest security standards. You will be responsible for identifying and rectifying security vulnerabilities, thereby strengthening our software development life cycle.
Job Responsibilities
- Collaborate with product and delivery squads to ensure delivery of product features consistent with strategies, policies and controls across the organization.
- Work closely with the software development team to identify and mitigate security vulnerabilities during the development process.
- Automate regular assessment and audit of AWS cloud resources and services against security controls and standards and identify areas of improvement
- Engage with engineering teams to integrate security testing into the secure software development lifecycle pipeline in an agile environment via automation tools
- Write security controls and policies as code, implement them as validator across product workflow via automationΒ
- Stay up to date with the latest security threats, vulnerability and mitigation trends, and technology leading practices to ensure security remains robust and effective
- Ensure compliance with travel industry security standards and regulations
Β Required Qualifications, Capabilities, and Skills
- 5 to 6 years of relevant experience in application and cloud security with secure SDLC working with distributed enterprise applicationsΒ
- Extended years of experience with tools and automation techniques for integrating security into the SDLC, such as Static Code Analysis (SCA), Dynamic Application Security Testing (DAST), Container Security and Automated Compliance Testing.
- Strong knowledge of the latest secure coding principles, techniques, and specifications
- Thorough understanding of security requirements for travel applications, such as encryption, access controls, and audit trails
- Create, implement, and maintain application security policies, procedures and code-level security audits.
- Proven experience as an Application Security Engineer or similar role.
- Familiarity with security principles, frameworks, standards, and guidelines.
Β Preferred Qualifications, Capabilities, and Skills
- Proficiency in secure coding practices and familiarity with common security libraries, security controls, and common security flaws.
- Familiarity with web, API and microservices technologies (Web applications, Web Services, Service Oriented Architectures) and network/web related protocols.
- Experience with static and dynamic application security testing tools and methodologies.
- Relevant professional certifications such as Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker (CEH), or Certified Information Systems Security Professional (CISSP) are a plus but not mandatory