Application Security Compliance Analyst (m/f)
Unbefristeter vertrag Erding (Upper Bavaria) Infra / Networks / Telecom
Job description
Amadeus is shaping the future of travel, and we want you to help.
As a technology leader we are always innovating to solve some of the challenges facing the travel industry. We let you take the lead when it comes to your progression, with a wide range of new and exciting projects you can be a part of.
We are highly committed to promote a corporate culture that values differences and welcomes people from any background. We reject categorically and wholeheartedly any discrimination on the grounds of gender, race, ethnic group, sexual orientation, age, disability or belief. Equality, diversity and environmental sustainability are key to our culture.
The travel and technology industries are evolving by the minute and the future is more exciting than ever. Join us, and be a part of it.
Summary Overview of Responsibilities:
We are looking for an Application Security Analyst to join theApplication Security & Compliance Team of our Enterprise Digital Services Security Office.
The Application Security & Compliance team is responsible for assessing applications’ security posture by identifying, reporting and tracking vulnerabilities related to the application, its source-code and underlying components. This applies to third-party and in-house developed applications.
The incumbent primary role is to perform day-to-day vulnerability assessment, analysis, reporting and tracking. The analyst will also analyze source code vulnerabilities, third-party components and the associated risk of exploitability.
Major Responsibilities:
· Participate in finding and analyzing vulnerabilities in applications to ensure applications are secured and controlled and the risk of using them is managed
· Perform analysis of vulnerability scanning results and make recommendations to owners ; Follow up on remediation status and report on progress with owners
· Participate in creation and maintenance of application security and design requirements and assessing that implementation plans meet EDS security policies, standards, and procedures
· Participate in static and dynamic application security testing processes; Analyze vulnerabilities in source code
· Supporting application security assessments and providing recommendations for mitigating risks
· Represent security interests on project teams by ensuring application security standards and requirements are defined as part of the deliverables
· Create and maintain application security documentation, policies and procedures
· Collect metrics and prepare technical reports for management
· Make recommendations to management on enhancements to existing and new security software or related tools
· Assist in evaluating, planning, configuration, and implementation of new/existing security applications/tools
Job Requirements:
· Qualification
· B.Sc. degree in Computer science or Data science ; equivalent combination of education and experience may be substituted in lieu of degree
· Know How
· Good understanding of application security requirements, principles and process
· Knowledge of OWASP Application Security Verification Standard
· Knowledge of the security of web services technologies, web servers, databases and web-based applications
· Knowledge of common application security controls and application security issues
· Knowledge of common technologies used in web applications (such as JavaScript, HTML, DHTML)
· Familiarity in application security scanning technologies (Qualys, Checkmarx) such as static application security testing (SAST), dynamic application security testing (DAST), single sign-on, and encryption
· Self-motivated with critical attention to detail, deadlines and reporting
· Ability to work both independently and in a team-oriented, collaborative environment across cultures (geographical; as well as organizational) and manage multiple priorities
· Ability to quickly assimilate knowledge from outside your own area of expertise
· Well above average learning ability ; high energy and ability to cope with uncertainty
· Ability to communicate technology issues to both technical and leadership personnel and negotiate to a mutually beneficial conclusion
· Ability to work in a fast-paced and deadline-oriented environment
· Strong analytical, prioritizing, interpersonal, problem-solving, presentation and planning skills
· Strong verbal and written communication skills
· Detailed, control oriented, and thorough
· Proficient in English
· Relevant Job Experience
· Demonstrated expertise in the field of application security with knowledge and experience of secure coding principals (e.g. OWASP), source code review, vulnerability scanning
Amadeus does not accept agency resumes. Amadeus is not responsible for any fees related to unsolicited resumes.
At Amadeus, we welcome a diverse and inclusive environment based on equality of opportunity, fairness, respect, and dignity for all our employees. We firmly believe that differences based on gender, race, culture, ethnicity, sexual orientation, and disabilities are strong assets in today’s complex, global, and interconnected world.