Internship: Enhancement of Amadeus Security Orchestration and Automation Response ( SOAR)

Description de l'offre

If you could change one thing about travel, what would it be? At Amadeus, you can make that happen!

Travel makes the world a better place and we are fully dedicated to improving it and making it even more rewarding. We are one of the world’s top 15 software companies: we provide technology solutions and services within the travel industry.

Do you have ideas on how to improve travel for everyone? Do you find the idea of working in a diverse, multicultural environment exciting? Are you ready to make an impact across the world? Great, then join us! Let’s shape the future of travel together. #shapethefutureoftravel@Amadeus

Business environment

The scope of the “R&D domain” Application Security Office is the complete portfolio of products, applications and tools developed inside Amadeus. Objectives focus on ensuring that existing and new Amadeus applications and other developments are made sufficiently robust, against both exploitation of potential vulnerabilities and fraudulent misuse, and that compliance is maintained with all applicable legislation and industry regulations or standards (such as PCI DSS, GDPR, and ISO 27K).

The Application Security Office plays a highly transversal role and close collaboration with all other security actors in the company.

As part of the Application Security Office, the Application Security Operation Centre (ASOC) team is responsible to monitor, detect and remediate any kind of live production attacks on our Amadeus Production Applications.

The goal of this internship is to provide automated solutions for investigating fraud cases, creating real-time alerts and pushing refined data into our Security Incident and Event Management (SIEM) platform. In order to coordinate and engineer security events, our team uses a Security Orchestration Automation and Response (SOAR) platform where playbooks are created according to our team and clients’ needs. Thus, this position offers a great opportunity to learn about how our ASOC team operates with different security aspects and to collaborate with people from different security disciplines inside and also outside of our group. Some of the tasks can be summarized as follows.

· Develop/implement fraud investigation tools (mostly in Python)
· Create playbooks for automatically managing the security events
· Contribute on investigating security incidents by creating automatic identification mechanisms

Main Accountabilities

· Be able to summarize complex situations
· Communicate and report on activities
· Monitor networks and systems for security breaches
· Work cross-organization to integrate and operate all monitor and logging tools
· Participation in the evaluation of new solutions.

Education

· Computer Science or Engineering degree
· Fluent in English: Written and spoken (mandatory)

Technical Skills

· Good experience with both Linux & Windows flavours of Operation System
· Working knowledge of cloud infrastructure (GCP, AWS) and networking concepts
· Technical writing and documentation competencies needed
· Good general security knowledge, familiarity with OWASP top 10 is a plus
· Experience with coding/scripting (python, java, ruby, etc.) is a plus

Personal Skills

· Pro-activity, initiative, and autonomy.
· Ability to work independently and inside distributed teams.
· Strong analytical and conceptual skills.
· Curiosity and ability to learn quickly.
· Accountability and reliability, personal involvement.
· Strong planning skills.
· Good communication and presentation skills to internal and external customer
· Willingness and ability to convince people, and drive cross-organization projects.
· Multi-cultural approach, and ability to interface with all levels of the organization

· Proven experience in development is a plus
· Knowledge in security is a plus

Our diversity commitment: equality, diversity and inclusion are part of who we are. We’re committed to equal opportunities and treatment regardless of age, ethnicity, gender, beliefs, sexual orientation or disability.

Any duplication and display of partial or full content of our job advertisement on any support, such as brochures, websites, mail, emails, this list is not exhaustive, is strictly forbidden without prior formal Amadeus’ authorisation.

Recruitment agencies: Amadeus does not accept agency resumes. Please do not forward resumes to our jobs alias, Amadeus employees or any other company location. Amadeus is not responsible for any fees related to unsolicited resumes.