Senior Lead Information Security Engineer

Senior Lead Information Security Engineer page is loaded Senior Lead Information Security Engineer Apply locations Nice Bangalore time type Full time posted on Posted Yesterday job requisition id R19979 Job Title Senior Lead Information Security Engineer Business Environment   Amade us has 10.000 engineers working daily to develop new software . Security attacks at the software pipeline level is a growing security risk in the Tech industry. This happens both via v ulnerabilities in our code ( would it be insecure code, dependencies or the present of secrets ) or attacking the toolchain itself . For instance, a ttacks specifically attacking Amadeus software pipeline have already occurred which we have successfully forestalled .  About the role: The purpose of the position is to take the role of Technical Information Security Officer (TISO) for the CPS-EUS Engineering Enablement portfolio: Give the means and tooling to application so that the code built is secure and these checks are integrated in the development lifecycle (security scanners) Harden the software toolchain itself to ensure it cannot be breached. Prevent software and software artefacts tampering . Ensure the engineering toolchain and tools are kept to high security standards. The position includes working closely with the CISO Application Security Office on defining the Amadeus answer to the risks related to software engineering: • Define the choice of architecture and tooling to implement these requirements, bring the proposal to the CISO group for endorsement • Select the software and software artefacts security scanners, combination of necessary in-house tooling and third-party vendors Additionally, it will involve close collaboration with security managers, the Application Security Office head of the SDL, security experts and principal engineers to: • Securely design and track the implementation of the software toolchain. • Receive the requirements from the SDL organization through close collaboration , in particular prioritization of exact risks to be addressed  • Relationship with the third-party vendors and following the security tech industry evolution for these scanners • Always search for the good equilibrium between security risk, cost and friction • Security market watch of threat and security tooling evolution for software engineers. • P rovide support for software engineering to implement secure software with these tools . • Perform security and risk assessments of application design developed as part of Engineering Enablement . • Provide guidance and expert help for threat modelling of complex cases, assisting in identifying attack surfaces and proposing pragmatic mitigating controls for elements developed as part of CPS- EUS . The scope covers all application and tool development done as part of the Engineering Experience portfolio directly ( Cloud Platform & Engineering Experience SAFe in particular Engineering Toolchain and ICE trains ) Due to the transversal nature of the position, the position includes to be interfacing with people from most divisions of the company: Not only architecture, information security office from the Platform & Infrastructure security office, the line security offices, and the Global SOC (Security Operations Center ) – but also P rincipal Engineers and software development community at large whose daily job will be directly impacted . Job Profile Summary TISO (Technical Information Security Officer) in charge to d evelop and ensure alignment to the Corporate Security Strategy and Business Domain Vision and Governance in line with the Business Strategy. Common accountabilities :  - Proficient with functional and technical knowledge, recognized as an expert in own area within the organization. Serves as an advisor, coordinates and guides others in resolving complex issues with implications on cross functional business processes and outcomes.  - Understands industry drivers, uses financial indicators to measure performance and effectively drives business decisions; recommends solutions/best practices and strategies in own area. Contributes with the planning and organization of an area and to large scale decision-making processes.  - Works independently, with guidance in only the most complex situations. Provides leadership and direction to other Managers and contributes to a culture of innovation.  Specific accountabilities:  * Develop, implement, and maintain the Information Security Framework for the CPS-EUS Engineering Experience portfolio ( policies, standards, guidelines, architecture models, etc.) * Derive and translate the Corporate Security Policies into local/specific ones and with the corresponding standards, baselines, guidelines & architectural model  * Develop and embed security processes into global framework and methodologies  * Develop a strong communication (position papers, policies, procedures, standards, etc.) and awareness around the Information Security Policies.  * Ensure that the security risk posture forthe CPS-EUS Engineering Experience portfolio is aligned with the business appetite & strategy * Manage and coordinate the Security-centric Proof of Concepts & Pilots  * Provide security consulting/ expertise and support in programs / projects to other Business Units  * Perform security assessment on Programs/projects ((confidentiality, integrity, availability, traceability) with compliance to applicable regulations)  * Identify possible mitigation measures  * Translate security risk into business terms which are understandable by the business to reach residual risk acceptance  * Validate the design & accreditation of the security with Programs & projects (architecture, design, processes, regulatory compliance)  * Supervise the implementation of security in Programs and Projects  * Collect & report of metrics supporting the business value of the security program’s activities  * Conduct, coordinate or support IT Risk Assessment analysis and Audit Plans  * Drive the day-to-day security process: - Handle serious security Incidents - Monitor Security operational process effectiveness and propose improvements - Vulnerabilities detection and mitigation proposal.  * Supervise security technology and threat watching.   About the ideal candidate: At least 5 years of professional experience in Information Security.Strong understanding of security principles and practices.Deep knowledge of software development. Effective collaboration, ability to prioritize and execute security strategies. Excellent interpersonal and communication skills.Effective in reporting to managers and stakeholders.Proficiency in English, both spoken and written.Proven experience in technical leadership.Ability to work in a complex organization, engaging with numerous stakeholders. What we can offer you Be rewarded with a competitive remuneration, an individual and company bonusand enjoy many benefits. Work from anywhere: Flexible teleworking from 1 to 3 days per week. You will also benefit from a home office set-up premium & monthly allowance.6 weeks holiday, plus pension contribution and healthcare insurance. Experience in an environment with unique complexity and a hardly matched criticality among the leading tech companies.Professional development in a truly international and multisite environment with a great mix of people. A wide set of trainings available to broaden yourknowledge and enhance your soft skillsincluding onsite and on-line learning hubs packed of technical and soft skills to help to develop any competencies. Enter a diverse and inclusive workplace.Enjoy your office life: Coffee hubs to work or relax, quiet zone, flexible desks and agile areas, on site restaurants, tennis, soccer, yoga, dance, on-site sport center and classes and on-site concierge services.  How do we hire? Online application : Submit your online application and our Talent Acquisition team will get in touch if your skills match the role.  Phone Interview : We'll get to know each other with a short casual conversation. You'll also have the chance to ask questions.  Online Testing : Depending on the role you applied for, you may have to do some online tests.  Interviews : First, you'll meet one of our talent teams. Then you'll have an interview with a member or members of the team you're looking to join.  Offer : Our Talent team will make you a job offer and welcome you to your new role with us.  Join our global team : Where you can develop your skills and build an international career that matters.  100% of the people we’ve recruited started by applying. Take a chance! Diversity & Inclusion Amadeus aspires to be a leader in Diversity, Equity and Inclusion in the tech industry, enabling every employee to reach their full potential by fostering a culture of belonging and fair treatment, attracting the best talent from all backgrounds, and as a role model for an inclusive employee experience. Amadeus is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to gender, race, ethnicity, sexual orientation,age, beliefs, disability or any other characteristics protected by law. About Us #J-18808-Ljbffr