— Should have at least 3 years’ experience as a developer or QA.
— Ideally, the Whitehat should have experience in application security or be keen to invest time in learning how to improve security.
— Deliver presentations and awareness sessions
— Manage meetings/workshops efficiently
— The Whitehat should be enthusiastic and motivated to help improve application security at Amadeus.
— The Whitehat should undergo basic security training including:
- Foundations of Information Security Awareness
- Foundations of Software Security
- OWASP Top Ten
— The Whitehat should be inquisitive and follow free online courses for self-education.
— The Whitehat should receive advanced training according to specific needs, e.g. training for a particular programming language.
General Performance Indicators:
— Web application scans performed.
— Security incident tickets opened following the correct procedure.
— Feedback from colleagues and Application Security Office.
— Regular security awareness sessions given.
— Career in a global tech & travel company
— Financial stability (compensation fixed in EUR)
— Medical Insurance
— Professional training & development (English Courses, DevOps Trainings)
— Friendly & Collaborative Environment
— Ensure web application scans are performed on a regular basis as part of the software lifecycle and create security issues for vulnerabilities found.
— Create and maintain a secure list of publicly accessible (prod and test) entry points. Help assess the risk of each of the applications/solutions and raise orders for penetration tests.
— For larger applications, organize and participate in threat modelling workshops.
— Act as point of contact for the Application Security Office: help explain the process to teams where necessary and ensure good quality of the questionnaire responses.
— Support teams who are participating in the PCI-process by providing advice, explanations, identifying gaps and helping to prepare for audits.
— Participate in security awareness by giving regular sessions on security topics, tailored to the specific needs of the teams in the region. Examples of security awareness sessions include:
- Regional Software Development Lifecycle
- OWASP Top 10
- Secure Coding guidelines for specific languages
Amadeus, CESE, Product & Solution Center is a regional product development center developing a merchant & distribution web application portfolio of solutions for the huge European market. These are travel booking engines, consolidation platforms for travel providers (airlines, hotels, rail, buses, taxi & transfer services, cars) and travel sellers (online travel agencies, travel management companies, vertically integrated tour operators, metasearch companies, single-site travel agencies).