Emplois
>
Nice

    Principal Information Security Engineer - Nice, France - Amadeus

    Amadeus
    Amadeus Nice, France

    il y a 3 semaines

    Default job background
    À temps plein
    Description

    Job Title

    Principal Information Security Engineer

    Business context

    The software & IT businesses are currently under unprecedented threats with criminals having almost unlimited resources at their disposals. Cyber Security is therefore more necessary than ever.

    Airline IT Security Office is one of the business Unit security offices in Amadeus. It covers the security and compliance of Airline IT software products developed by Amadeus, whether applications or internal tools, or platform components. The Airline IT Security Office works together with the Application, Platform & Infrastructure security office domains to cover their dedicated technical stack.

    Objectives focus on ensuring that existing and new developments are sufficiently robust, against both exploitation of potential vulnerabilities and fraudulent misuse, and that compliance is maintained with all applicable legislation and industry regulations or standards (such as PCI DSS, GDPR, and ISO

    The Airline IT Security Office plays a transversal role and has multiple reporting lines, within R&D and to the Amadeus CISO (Chief Information Security Officer), others to the PCI DSS and other corporate compliance programs. Close collaboration with all other security actors in the company is essential.

    Responsibilities of the project

    Amadeus has started a massive migration of all products, applications, and services to the Microsoft Azure cloud.

    The position includes working closely with Cloud architects, application architects, and security experts to securely migrate our applications to the Cloud (Azure IaaS & PaaS offerings), along with adaptation of all necessary in-house tooling to operate those applications.

    The adoption of the public Cloud constitutes a major challenge, with new opportunities to enhance security but also additional risks that must be identified, measured, and controlled. The position consists in providing and sharing Cloud security best practices and recommendations and be working with Cloud enterprise architects to identify and implement effective security solutions.

    The position involves security risk assessments of application design, providing guidance and expert help for threat modelling of complex cases, Deploy DevSecOps principles to gain efficiencies in SDL (Secure Development Lifecycle), cloud security and Vulnerability management,

    assisting in identifying attack surfaces and proposing pragmatic mitigating controls – weighing cost and constraints against benefits of reduced risk exposure and finding the right balance.

    As a security representative of the Airline IT Business Unit, you will be responsible for securing the integration of ALL the end-to-end security controls once an application is live (e.g., Security Operation Center and other Run time controls); as well as supporting Cybersecurity incident investigations that would be required to address any issues link to the Business Unit domains.

    The scope covers all application and tool development done by Amadeus, including a sizable portion of our Cloud platform.

    Due to the transversal nature of the position, the position includes to be interfacing with people from most divisions of the company: Not only development and architecture, and information security office from the Platform & Infrastructure security office, the line security offices, and the Global SOC (Security Operations Center) – but also Product Management, pre-Sales, and Legal.

    Key accountabilities

  • Provide guidance and recommendations for most effective Cloud security controls and promote best practice in hardening applications and fixing identified vulnerabilities.
  • Perform security assessments of applications and tools to proactively identify security issues or weaknesses and propose adequate cost-effective mitigation and remediation.
  • Drive necessary evolution in applications and provide guidance on appropriate mitigation, remediation, or compensating controls.
  • Promote compliance with the Secure Development Lifecycle (SDL) touchpoints, to ensure that security, data privacy, and compliance is built-in systematically in all Amadeus software development, by design and by default.
  • Help building up Cloud security expertise across security community through coaching and sharing expertise.
  • Communicate on security requirements and improve security awareness within the software development teams.
  • Ensure proposed solutions are feasible, cost effective, in-line with Amadeus security standards, and considered compliant by external auditors.
  • Facilitate the implementation of corporate, transversal security initiatives.
  • Facilitate incident management, support investigations, and help recover from security threats.
  • Manage and mitigate security risks with stakeholders.
  • Contribute to enriching R&D risk map and inventory, and actively reduce risk of identified weaknesses.
  • Contribute to building and maintaining inventory of products, applications, and tools.
  • Prevent security risks through internal audits, training, and awareness programs.

    • For the above:

  • Analyze what is applicable to Amadeus data, protocols, technical stacks
  • Document the solution with architecture & network diagrams, with description of what is important to implement
  • Help to prototype to demonstrate how to setup it in cloud
  • Develop resources templates/blueprints to guide the teams on the implementation settings
  • Review Azure policies and develop custom policies to automatically check the Cloud Security Posture Management
  • Do a capacity planning to estimate the cost of the solution and to confirm the cost-effective approach

    • Our ideal candidate

    Education

  • Computer Science or Engineering degree
  • Degree in Information Security is a plus

    • Languages

  • Fluent in English: Written and spoken (mandatory)

    • Skills

  • At least 5 years of proven cyber security experience
  • Application and platform security & risk assessments in a public Cloud environment.
  • Hands-on technical expertise in security architecture, automation, integration, and deployment (DevOps).
  • Proven experience building security reference architecture.
  • Familiarity with compliance & security standards across the enterprise IT landscape (PCI DSS, GDPR, SOC1/SOC2, and ISO 27K).
  • Knowledge of and experience with application security (and related standards such as OWASP).
  • Software development experience in C++, Java, Python & scripting or equivalent is a plus.
  • Working knowledge of cloud computing technologies, including automation and security tools (Cloud Security Posture Management, Security Event and Information Management, Public Key Infrastructure...), and of CI/CD in a cloud environment.
  • Knowledge of best practice and Cloud solutions for effective IAM, secrets management, container integrity & monitoring.
  • Certifications such as AZ500, CCSK, CCSP would be a plus.
  • Familiarity with Amadeus technology, architecture and business would be a plus.

    • What we can offer you

  • Be rewarded with a competitive remuneration, an individual and company bonus and enjoy many benefits.
  • The position is located in Nice with possibility to work from home, and you will also benefit from a home office set-up premium & monthly allowance.
  • 6 weeks holiday, plus pension contribution and healthcare insurance.
  • Experience in an environment with unique complexity and a hardly matched criticality among the leading tech companies.
  • Professional development in a truly international and multisite environment with a great mix of people.
  • A wide set of trainings available to broaden your knowledge and enhance your soft skills including onsite and on-line learning hubs packed of technical and soft skills to help to develop any competencies.
  • Enter a diverse and inclusive workplace.
  • Enjoy your office life: Coffee hubs to work or relax, quiet zone, flexible desks, agile areas, on site restaurants, tennis, soccer, yoga, dance, on-site sport center and classes and on-site concierge services.
  • Meritis

    Cyber Security Engineer

    il y a 2 semaines

    Meritis Nice, France

    Descriptif de l'entreprise :​ · Meritis est un cabinet de conseil, pilotage et développement IT fondé en 2007 présent à Paris, Sophia-Antipolis, Aix-en-Provence, Montpellier, Toulouse, Nantes... Et bientôt sur de nouveaux territoires Notre mission ? Connecter les meilleurs talent ...

  • Meritis

    Cyber Security Engineer

    il y a 3 semaines

    Meritis Nice, France

    Descriptif de l'entreprise :​ · Meritis est un cabinet de conseil, pilotage et développement IT fondé en 2007 présent à Paris, Sophia-Antipolis, Aix-en-Provence, Montpellier, Toulouse, Nantes... Et bientôt sur de nouveaux territoires Notre mission ? Connecter les meilleurs talent ...

  • Matawan Services

    Cyber Security Engineer

    il y a 2 semaines

    Matawan Services Nice, France

    MATAWAN SERVICES... plus agile, plus réactif · Nous sommes une agence technologique et éditeur de solution en hyper-croissance et en quête de renfort · En effet, nous avons rejoint Matawan, membre de la French Tech 120, faisant partie des start-ups les plus prometteuses. · Not ...

  • Meritis

    Cyber Security Engineer

    il y a 3 semaines

    Meritis Nice, France

    Descriptif de l'entreprise :​ · Meritis est un cabinet de conseil, pilotage et développement IT fondé en 2007 présent à Paris, Sophia-Antipolis, Aix-en-Provence, Montpellier, Toulouse, Nantes... Et bientôt sur de nouveaux territoires Notre mission ? Connecter les meilleurs talent ...

  • Fortinet

    Product Security Engineer

    il y a 2 semaines

    Fortinet Sophia Antipolis, France

    **Product Security Engineer** · **Location**:Sophia Antipolis, France · **Job Type**:Full-time Permanent (CDI) · **About Us** · Fortinet (NASDAQ: FTNT) protects the most valuable assets of some of the largest enterprise, service provider and government organizations across the gl ...

  • 1047 Amadeus S.A.S. (Nice)

    Lead Security Engineer

    il y a 1 jour

    1047 Amadeus S.A.S. (Nice) Nice, France

    Senior Lead Information Security Engineer page is loaded Senior Lead Information Security Engineer · Apply locations Nice Bangalore time type Full time posted on Posted Yesterday job requisition id R19979 Job Title · Senior Lead Information Security Engineer Business Environmen ...

  • Amadeus

    Information Security Engineer

    il y a 3 semaines

    Amadeus Nice, France À temps plein

    Job Title · Information Security EngineerDiversity & Inclusion · We are an Equal Opportunity Employer and seek to hire the best candidate regardless of age, beliefs, disability, ethnicity, gender or sexual orientation. · ...

  • Fortinet

    Product Security Engineering Intern

    il y a 1 semaine

    Fortinet Sophia Antipolis, France

    **Description** · Are you a student or a recent graduate looking for an internship within a fast-growing international environment and passionate about developing a strong experience in product security? · Then more reason to join this exciting Product Security Internship opportu ...

  • 1047 Amadeus S.A.S. (Nice)

    Senior Lead Information Security Engineer

    il y a 1 jour

    1047 Amadeus S.A.S. (Nice) Nice, France

    Senior Lead Information Security Engineer page is loaded · Senior Lead Information Security Engineer · Apply locations Nice Bangalore time type Full time posted on Posted Yesterday job requisition id R19979 Job Title · Senior Lead Information Security Engineer Business Envi ...

  • ALTEN

    STAGE / INTERNSHIP - Ingénieur Cyber Sécurité / Cyber Security Engineer (H/F)

    il y a 3 semaines

    ALTEN Antibes, France StageSHIP

    du poste · Le stage se focalisera sur l'étude semi-automatique de la conformité des entreprises de l'Industrie 4.0 en matière de cybersécurité, en tenant compte des législations et normes applicables. Les axes principaux du stage incluront : · Agrégation de Connaissances : explor ...

  • Codasip

    Product Manager

    il y a 3 jours

    Codasip Villeneuve-Loubet, France

    **Codasip** is a team of processor solutions experts uniquely helping developers to differentiate their products. Our rapidly growing team is spread across the world, with a large number of our engineers based in our original design center in Brno, Czechia. · We have already help ...

  • BayLibre

    Embedded Linux Developer

    il y a 4 jours

    BayLibre Villeneuve-Loubet, France

    BayLibre is at the heart of embedded Linux and partners with clients from innovative startups to large international companies to develop, optimize and productize embedded software for cool devices. We work closely and collaboratively with our clients at all stages of product dev ...

  • STATIM MANAGEMENT

    Director of Engineering

    il y a 2 semaines

    STATIM MANAGEMENT Biot, France

    Cintoo is a fast-growing start-up developing a SaaS platform named Cintoo Cloud, at the convergence of Reality Capture and Digital Twins. We are searching for flexible go-getters who welcome the challenge of meeting the needs of a fast-growing business. · Cintoo Cloud improves th ...

  • AIRBUS DEFENCE AND SPACE SAS

    Cloud Software Engineer

    il y a 3 semaines

    AIRBUS DEFENCE AND SPACE SAS Antibes, France

    Descriptif du poste · Un poste d'Intégrateur **Cloud software engineer (h/f)** vient de s'ouvrir au sein d'**Airbus Defence and Space** à **Sophia Antipolis** (Antibes / FRANCE). · Vous rejoindrez l'équipe d'imagerie logicielle « Cloud based & Legacy Geo products ». · Vous aurez ...

  • Outpost24 Group

    Junior Sales Engineer

    il y a 2 semaines

    Outpost24 Group Antibes, France

    Outpost24 is expanding our sales teams is currently seeking for a Junior Sales Engineer to join our team focusing on selling cyber security solutions and services. · As a Junior Sales Engineer, you will play a crucial role in supporting the sales team by providing technical exper ...

  • Second

    Senior Site Reliability Engineer

    il y a 2 semaines

    Second Antibes, France

    **Company Overview**: · Second is a fast-growing company on a mission to bring services to e-commerce. We develop a solution tailored to the unique needs of large corporate clients (Siemens Energy, Allianz, Suez etc..). Our platform offers unparalleled flexibility, enabling seaml ...

  • Outpost24 Group

    Digital Marketing Manager

    il y a 2 semaines

    Outpost24 Group Antibes, France

    Outpost24 is currently seeking a Digital Marketing Manager based in France to add to our lead generation team · **About Outpost24** · Outpost24 is a leading cybersecurity vendor in Europe that helps CISOs and security teams identify what threats matters most. Founded in 2001, we ...

  • Fortinet

    Lab Intern

    il y a 2 semaines

    Fortinet Sophia Antipolis, France

    **Reports To**:Laboratory Manager · **Location**:EMEA Support Center Sophia Antipolis, France · **Job Type**:Full-time Internship months in Summer 2023) · **About Us** · Fortinet (NASDAQ: FTNT) protects the most valuable assets of some of the largest enterprise, service provider ...

  • Fortinet

    Customer Readiness Testing Engineer

    il y a 1 semaine

    Fortinet Sophia Antipolis, France

    **Job Title**: · Customer Readiness Testing Engineer · **Reports to**: · Customer Readiness Testing Manager · **Location**: · EMEA Support Center, Sophia Antipolis - France · Hybrid · **Job Description Summary**: · Fortinet is growing and we are expanding our EMEA Customer Readin ...

  • Fortinet

    Technical Support Engineer

    il y a 2 semaines

    Fortinet Sophia Antipolis, France

    **Key Responsibilities**: · - Investigate customer issues, including replication of problems in-house, and working with engineering teams to provide solutions. · - Providing direct technical support via the phone, web based systems to our customers and partners though-out the EME ...