- Provide guidance and recommendations for most effective Cloud security controls and promote best practice in hardening applications and fixing identified vulnerabilities.
- Perform security assessments of applications and tools to proactively identify security issues or weaknesses and propose adequate cost-effective mitigation and remediation.
- Drive necessary evolution in applications and provide guidance on appropriate mitigation, remediation, or compensating controls.
- Promote compliance with the Secure Development Lifecycle (SDL) touchpoints, to ensure that security, data privacy, and compliance is built-in systematically in all Amadeus software development, by design and by default.
- Help building up Cloud security expertise across security community through coaching and sharing expertise.
- Communicate on security requirements and improve security awareness within the software development teams.
- Ensure proposed solutions are feasible, cost effective, in-line with Amadeus security standards, and considered compliant by external auditors.
- Facilitate the implementation of corporate, transversal security initiatives.
- Facilitate incident management, support investigations, and help recover from security threats.
- Manage and mitigate security risks with stakeholders.
- Contribute to enriching R&D risk map and inventory, and actively reduce risk of identified weaknesses.
- Contribute to building and maintaining inventory of products, applications, and tools.
- Prevent security risks through internal audits, training, and awareness programs.
- Analyze what is applicable to Amadeus data, protocols, technical stacks
- Document the solution with architecture & network diagrams, with description of what is important to implement
- Help to prototype to demonstrate how to setup it in cloud
- Develop resources templates/blueprints to guide the teams on the implementation settings
- Review Azure policies and develop custom policies to automatically check the Cloud Security Posture Management
- Do a capacity planning to estimate the cost of the solution and to confirm the cost-effective approach
- Computer Science or Engineering degree
- Degree in Information Security is a plus
- Fluent in English: Written and spoken (mandatory)
- At least 5 years of proven cyber security experience
- Application and platform security & risk assessments in a public Cloud environment.
- Hands-on technical expertise in security architecture, automation, integration, and deployment (DevOps).
- Proven experience building security reference architecture.
- Familiarity with compliance & security standards across the enterprise IT landscape (PCI DSS, GDPR, SOC1/SOC2, and ISO 27K).
- Knowledge of and experience with application security (and related standards such as OWASP).
- Software development experience in C++, Java, Python & scripting or equivalent is a plus.
- Working knowledge of cloud computing technologies, including automation and security tools (Cloud Security Posture Management, Security Event and Information Management, Public Key Infrastructure...), and of CI/CD in a cloud environment.
- Knowledge of best practice and Cloud solutions for effective IAM, secrets management, container integrity & monitoring.
- Certifications such as AZ500, CCSK, CCSP would be a plus.
- Familiarity with Amadeus technology, architecture and business would be a plus.
- Be rewarded with a competitive remuneration, an individual and company bonus and enjoy many benefits.
- The position is located in Nice with possibility to work from home, and you will also benefit from a home office set-up premium & monthly allowance.
- 6 weeks holiday, plus pension contribution and healthcare insurance.
- Experience in an environment with unique complexity and a hardly matched criticality among the leading tech companies.
- Professional development in a truly international and multisite environment with a great mix of people.
- A wide set of trainings available to broaden your knowledge and enhance your soft skills including onsite and on-line learning hubs packed of technical and soft skills to help to develop any competencies.
- Enter a diverse and inclusive workplace.
- Enjoy your office life: Coffee hubs to work or relax, quiet zone, flexible desks, agile areas, on site restaurants, tennis, soccer, yoga, dance, on-site sport center and classes and on-site concierge services.
-
Cyber Security Engineer
il y a 2 semaines
Meritis Nice, FranceDescriptif de l'entreprise : · Meritis est un cabinet de conseil, pilotage et développement IT fondé en 2007 présent à Paris, Sophia-Antipolis, Aix-en-Provence, Montpellier, Toulouse, Nantes... Et bientôt sur de nouveaux territoires Notre mission ? Connecter les meilleurs talent ...
-
Cyber Security Engineer
il y a 3 semaines
Meritis Nice, FranceDescriptif de l'entreprise : · Meritis est un cabinet de conseil, pilotage et développement IT fondé en 2007 présent à Paris, Sophia-Antipolis, Aix-en-Provence, Montpellier, Toulouse, Nantes... Et bientôt sur de nouveaux territoires Notre mission ? Connecter les meilleurs talent ...
-
Cyber Security Engineer
il y a 2 semaines
Matawan Services Nice, FranceMATAWAN SERVICES... plus agile, plus réactif · Nous sommes une agence technologique et éditeur de solution en hyper-croissance et en quête de renfort · En effet, nous avons rejoint Matawan, membre de la French Tech 120, faisant partie des start-ups les plus prometteuses. · Not ...
-
Cyber Security Engineer
il y a 3 semaines
Meritis Nice, FranceDescriptif de l'entreprise : · Meritis est un cabinet de conseil, pilotage et développement IT fondé en 2007 présent à Paris, Sophia-Antipolis, Aix-en-Provence, Montpellier, Toulouse, Nantes... Et bientôt sur de nouveaux territoires Notre mission ? Connecter les meilleurs talent ...
-
Product Security Engineer
il y a 2 semaines
Fortinet Sophia Antipolis, France**Product Security Engineer** · **Location**:Sophia Antipolis, France · **Job Type**:Full-time Permanent (CDI) · **About Us** · Fortinet (NASDAQ: FTNT) protects the most valuable assets of some of the largest enterprise, service provider and government organizations across the gl ...
-
Lead Security Engineer
il y a 1 jour
1047 Amadeus S.A.S. (Nice) Nice, FranceSenior Lead Information Security Engineer page is loaded Senior Lead Information Security Engineer · Apply locations Nice Bangalore time type Full time posted on Posted Yesterday job requisition id R19979 Job Title · Senior Lead Information Security Engineer Business Environmen ...
-
Information Security Engineer
il y a 3 semaines
Amadeus Nice, France À temps pleinJob Title · Information Security EngineerDiversity & Inclusion · We are an Equal Opportunity Employer and seek to hire the best candidate regardless of age, beliefs, disability, ethnicity, gender or sexual orientation. · ...
-
Product Security Engineering Intern
il y a 1 semaine
Fortinet Sophia Antipolis, France**Description** · Are you a student or a recent graduate looking for an internship within a fast-growing international environment and passionate about developing a strong experience in product security? · Then more reason to join this exciting Product Security Internship opportu ...
-
Senior Lead Information Security Engineer
il y a 1 jour
1047 Amadeus S.A.S. (Nice) Nice, FranceSenior Lead Information Security Engineer page is loaded · Senior Lead Information Security Engineer · Apply locations Nice Bangalore time type Full time posted on Posted Yesterday job requisition id R19979 Job Title · Senior Lead Information Security Engineer Business Envi ...
-
ALTEN Antibes, France StageSHIPdu poste · Le stage se focalisera sur l'étude semi-automatique de la conformité des entreprises de l'Industrie 4.0 en matière de cybersécurité, en tenant compte des législations et normes applicables. Les axes principaux du stage incluront : · Agrégation de Connaissances : explor ...
-
Product Manager
il y a 3 jours
Codasip Villeneuve-Loubet, France**Codasip** is a team of processor solutions experts uniquely helping developers to differentiate their products. Our rapidly growing team is spread across the world, with a large number of our engineers based in our original design center in Brno, Czechia. · We have already help ...
-
Embedded Linux Developer
il y a 4 jours
BayLibre Villeneuve-Loubet, FranceBayLibre is at the heart of embedded Linux and partners with clients from innovative startups to large international companies to develop, optimize and productize embedded software for cool devices. We work closely and collaboratively with our clients at all stages of product dev ...
-
Director of Engineering
il y a 2 semaines
STATIM MANAGEMENT Biot, FranceCintoo is a fast-growing start-up developing a SaaS platform named Cintoo Cloud, at the convergence of Reality Capture and Digital Twins. We are searching for flexible go-getters who welcome the challenge of meeting the needs of a fast-growing business. · Cintoo Cloud improves th ...
-
Cloud Software Engineer
il y a 3 semaines
AIRBUS DEFENCE AND SPACE SAS Antibes, FranceDescriptif du poste · Un poste d'Intégrateur **Cloud software engineer (h/f)** vient de s'ouvrir au sein d'**Airbus Defence and Space** à **Sophia Antipolis** (Antibes / FRANCE). · Vous rejoindrez l'équipe d'imagerie logicielle « Cloud based & Legacy Geo products ». · Vous aurez ...
-
Junior Sales Engineer
il y a 2 semaines
Outpost24 Group Antibes, FranceOutpost24 is expanding our sales teams is currently seeking for a Junior Sales Engineer to join our team focusing on selling cyber security solutions and services. · As a Junior Sales Engineer, you will play a crucial role in supporting the sales team by providing technical exper ...
-
Senior Site Reliability Engineer
il y a 2 semaines
Second Antibes, France**Company Overview**: · Second is a fast-growing company on a mission to bring services to e-commerce. We develop a solution tailored to the unique needs of large corporate clients (Siemens Energy, Allianz, Suez etc..). Our platform offers unparalleled flexibility, enabling seaml ...
-
Digital Marketing Manager
il y a 2 semaines
Outpost24 Group Antibes, FranceOutpost24 is currently seeking a Digital Marketing Manager based in France to add to our lead generation team · **About Outpost24** · Outpost24 is a leading cybersecurity vendor in Europe that helps CISOs and security teams identify what threats matters most. Founded in 2001, we ...
-
Lab Intern
il y a 2 semaines
Fortinet Sophia Antipolis, France**Reports To**:Laboratory Manager · **Location**:EMEA Support Center Sophia Antipolis, France · **Job Type**:Full-time Internship months in Summer 2023) · **About Us** · Fortinet (NASDAQ: FTNT) protects the most valuable assets of some of the largest enterprise, service provider ...
-
Customer Readiness Testing Engineer
il y a 1 semaine
Fortinet Sophia Antipolis, France**Job Title**: · Customer Readiness Testing Engineer · **Reports to**: · Customer Readiness Testing Manager · **Location**: · EMEA Support Center, Sophia Antipolis - France · Hybrid · **Job Description Summary**: · Fortinet is growing and we are expanding our EMEA Customer Readin ...
-
Technical Support Engineer
il y a 2 semaines
Fortinet Sophia Antipolis, France**Key Responsibilities**: · - Investigate customer issues, including replication of problems in-house, and working with engineering teams to provide solutions. · - Providing direct technical support via the phone, web based systems to our customers and partners though-out the EME ...
Principal Information Security Engineer - Nice, France - Amadeus
Description
Job Title
Principal Information Security EngineerBusiness context
The software & IT businesses are currently under unprecedented threats with criminals having almost unlimited resources at their disposals. Cyber Security is therefore more necessary than ever.
Airline IT Security Office is one of the business Unit security offices in Amadeus. It covers the security and compliance of Airline IT software products developed by Amadeus, whether applications or internal tools, or platform components. The Airline IT Security Office works together with the Application, Platform & Infrastructure security office domains to cover their dedicated technical stack.
Objectives focus on ensuring that existing and new developments are sufficiently robust, against both exploitation of potential vulnerabilities and fraudulent misuse, and that compliance is maintained with all applicable legislation and industry regulations or standards (such as PCI DSS, GDPR, and ISO
The Airline IT Security Office plays a transversal role and has multiple reporting lines, within R&D and to the Amadeus CISO (Chief Information Security Officer), others to the PCI DSS and other corporate compliance programs. Close collaboration with all other security actors in the company is essential.
Responsibilities of the project
Amadeus has started a massive migration of all products, applications, and services to the Microsoft Azure cloud.
The position includes working closely with Cloud architects, application architects, and security experts to securely migrate our applications to the Cloud (Azure IaaS & PaaS offerings), along with adaptation of all necessary in-house tooling to operate those applications.
The adoption of the public Cloud constitutes a major challenge, with new opportunities to enhance security but also additional risks that must be identified, measured, and controlled. The position consists in providing and sharing Cloud security best practices and recommendations and be working with Cloud enterprise architects to identify and implement effective security solutions.
The position involves security risk assessments of application design, providing guidance and expert help for threat modelling of complex cases, Deploy DevSecOps principles to gain efficiencies in SDL (Secure Development Lifecycle), cloud security and Vulnerability management,
assisting in identifying attack surfaces and proposing pragmatic mitigating controls – weighing cost and constraints against benefits of reduced risk exposure and finding the right balance.
As a security representative of the Airline IT Business Unit, you will be responsible for securing the integration of ALL the end-to-end security controls once an application is live (e.g., Security Operation Center and other Run time controls); as well as supporting Cybersecurity incident investigations that would be required to address any issues link to the Business Unit domains.
The scope covers all application and tool development done by Amadeus, including a sizable portion of our Cloud platform.
Due to the transversal nature of the position, the position includes to be interfacing with people from most divisions of the company: Not only development and architecture, and information security office from the Platform & Infrastructure security office, the line security offices, and the Global SOC (Security Operations Center) – but also Product Management, pre-Sales, and Legal.
Key accountabilities
For the above:
Our ideal candidate
Education
Languages
Skills
What we can offer you