Application Security Engineer (ASE)

Job Title

Application Security Engineer (ASE)

Summary of the role:

Navitaire has been transforming the world of travel since 1993, delivering game-changing technology that supports some of the most innovative airlines and rail carriers around the world. We offer proven solutions to help clients grow their business, reduce costs, capture new revenue sources and connect with digital customers and business partners.

A wholly owned subsidiary of Amadeus, Navitaire has over 500 employees in offices in North America, Europe, Asia and Australia. We have a wide range of careers and opportunities that let you do what you do best, every day. And our fun, casual and fast-paced environment give you the space to grow personally and professionally alongside other industry pioneers.

We are looking for an experienced Application Security Engineer (ASE) to support our engineering teams and encourage shift left security in all aspects of development. This position will help improve and build out security infrastructure and processes for our applications and products by leveraging expertise in secure development best practices and policies.

What you'll be doing

• Collaborate with engineering and QA teams to ensure secure development standards and secure coding best practices are followed
• Develop secure code practices and provide hands-on training to engineering teams and product owners
• Work with engineering Security Champions to ensure they have the tools, practices, and knowledge to help their teams maintain security practices according to the Security Development Lifecycle (SDL)
• Develop architecture patterns for our development platforms which supports authentication, authorization, isolation, and policy management
• Work with security tools to provide SAST, DAST, IAST, SCA, and other security testing
• Perform testing and then review, analyze, and interpret vulnerability testing results to identify applicability and false positives
• Ability to conduct web application and mobile security assessments and handle vulnerability remediation of applications
• Provide technical guidance and support to development teams to resolve security issues
• Provide technical advice to internal organizations and product owners on compliance and information security, specializing in application-level security and secure coding techniques
• Develop test plans for security verification and assist development teams with security testing methodologies and tools
• Work hands-on to improve and extend our security polices and best practices
• Evaluate application security tools for internal deployment processes
• Develop new automation and tooling to improve our detection and prevention capabilities
• Identify areas for, and participate in continuous improvement of security programs and practices (especially through automation), and where possible implement those improvements

About the ideal candidate:

• A MUST have is a solid engineering background with programming experience coding software in C#
• A deep understanding of application security practices, secure code development, and application security tooling.
• 3+ years experience as a full-time application security engineer.
• Strong knowledge of security vulnerabilities and remediation from top security frameworks. OWASP, NIST, CWE, PCI, SOX, etc.
• Experience assessing the security hardening and configuration of systems, databases, network devices, applications, and processes used within an organization.
• Ability to perform security assessments, penetration tests, and other vulnerability scans on applications to identify, assess, prioritize, remediate, and monitor the security of the applications.
• Experience working with security operations analysts to help more effectively identify nefarious activity performed by hackers.
• Knowledge of effective threat modeling skills and techniques.
• Knowledge of and experience with performing all operational aspects of static code analysis, composition analysis, and dynamic code scanning tools.
• Strong working knowledge of Linux, Windows, and other common compute technologies including public cloud.
• Demonstrate strong, effective communication and collaboration skills-both written and verbal.
• Industry standard security certifications (i.e. CISSP, CCSP, CEH, CASE, etc.), or willingness to obtain such within the first 6 months of employment.

Preferred Skills:

• A track record of achievements in your past roles and companies
• Ability to remove ambiguity and distill what matters and what doesn't
• The desire to teach and train security practices to various groups with the passion that helps them take your training and apply it to their day to day
• The ability to work with many different groups, and the communication skills and knowledge to instill confidence that you are the go-to security expert that will help them succeed.

What we can offer you:

• The opportunity to work for one of the world's top leading travel tech companies; a company that originated in technology innovation and sees the world with a technology-first perspective
• Skills development and opportunities to try new ideas
• A global diverse work environment

Application process:

The application process takes no longer than 10 minutes! Create your candidate profile, upload your CV and apply.

Are you the one we are looking for? Apply now!

Diversity & Inclusion

Amadeus is an Equal Employment Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or a related medical condition), ancestry, national origin, age, genetic information, military or veterans status, sexual orientation, gender expression, perception, or identity, marital status, mental or physical disability status, or any other protected federal, state, or local status unrelated to performance of work involved.