AddressPosition : Information Security Principal Architect
Location - Bengaluru
Skills required : Design & Development
Pen Testing, vulnerability, Enterprise Architecture, Design & Development
exp - 10+ years
Location - Bengaluru
Mode of Work - Hybrid
Position : Information Security Principal Architect
EDUCATION : Computer Science or Engineering Master's degree
Following certifications are a plus: CEH, CASE, TOGAF, AZ-500, CSSLP
Experience Required :
- Master's degree in Computer Science or related field, or equivalent.
- 10-12 years of total experience in SDLC, Enterprise Architecture, Design & Development, Threat Modeling etc
- 5-6 years of experience in Application Security activates & practices
- Should be good with Security by design (Threat Modeling), Static Scan, Binary Scan, Dynamic scan, Vulnerability assessment & Triage, understanding of PEN Testing, Data Privacy (GDPR) etc.
- Should be well versed with good hands-on experience in application security tools like Fortify, Blackduck, Prisma, Qualys, Burpsuite, Microsoft Threat Modeling Tool etc
- Should be a good learner, self-motivated and work independently
- Good spoken & presentation skill
- Should be good in stakeholder management
Role :
Security Architect position is opened, with the following purpose:
- Help consolidate and standardize the security components of Amadeus Applications & systems.
- Collaborate with Amadeus cloud migration program stakeholders & contribute actively in terms of Application Security strategies & activities.
- Create strategic secure solution designs that anticipate our customers' range of requirements and provide suggestions/solutions in closing existing security loopholes.
- Be the primary contact for one or more area of Application Security domain within organization.
- Should have strong focus & drive Secure Development Lifecycle (SDL) in Amadeus & play a critical role in terms of Technical Leadership in terms of consulting, strategies definition, vulnerability analysis, troubleshooting, solutioning & mitigation activities.
- Help Application Security Office to align with Amadeus security policies, procedures and represent the Application Security Office at different forums in Amadeus.
- Stay abreast of new developments/issues in Cyber/Application security and ensure Application Security Office responds in a timely manner to the problem & issues.
- Focus on ensuring that existing and new developments are made sufficiently robust, against both exploitation of potential vulnerabilities and fraudulent misuse, and that compliance is maintained with all applicable legislation and industry regulations or standards (such as PCI (Payment Card Industry) DSS, GDPR, and ISO 27K).
- Application Security Office plays a transversal role and has multiple reporting lines, within R&D, Amadeus CISO (Chief Information Security Officer) and different compliance programs like PCI (Payment Card Industry) DSS, Data Privacy (GDPR), ISO 27K etc.
- A close collaboration with all these security actors in the organization is essential to be established.
- Application Security Office works together with the Platform & Infrastructure security office domains & BU security offices to cover their dedicated technical stack. A close collaboration with all these domain & BU security offices actors in the organization is essential to be established & maintained.
Accountabilities:
Technical Leadership: Act as Leader in Application/Cyber security reference architecture, security strategy definition, design, support and promotion of the application security activities, processes & tools.
