Travelport
Senior Application Security Engineer
Detailed job duties:
• Analyze, consult, and champion the secure design and implementation of new and existing
Travelport products and applications;
• Support secure coding efforts in coordination with development teams, involving continuous
integration and automated code scans using security analysis tools to identify vulnerabilities in
source code, prioritize those vulnerabilities, propose solutions, and then coordinate
remediation with the development team;
• Perform on-going security testing and code review and coordinate remediation efforts with
development teams;
• Conduct hands-on security testing, analyze test results, document risks, and recommend
mitigating controls;
• Perform in the role of subject matter expert on security projects and processes (e.g., data
protection, identity management, vulnerability management, etc.);
• Creation and operation of information security processes and procedures;
• Drive and manage information security projects, including use case and requirement
development, technology evaluations, technology recommendations, and product
implementation / support;
• Participate in the Incident Response process;
• May be called upon to act in the role of a security architect on an application or infrastructure
project;
• Development and enforcement of Cyber Security Policy;
• Interface with IT Risk Management, Audit, and the Privacy Office at Travelport to coordinate
related policy and procedures, and to provide for the appropriate flow of information regarding
risk treatment at Travelport; and
• Liaise with business units within Travelport to manage IT compliance with National and
International laws and regulations, as well as contractually enforced industry standards.
Education & experience/special skills/technologies/tools requirements
• Bachelor’s degree in Computer Science, Management Information Systems, Information Security
or related field plus 5 years of experience in Information Security Governance, Privacy
and Regulatory Compliance, or Cyber Security.
• 3+ years of experience with the software development lifecycle and software development
techniques
• 3+ years of experience with PCI compliance and remediation, data protection and risk
assessments
• Considerable experience with application/software security procedures, performing
software/application assessments, and assisting development teams with software
vulnerability remediation.
• Must possess in-depth, hands-on experience with one of the following: Java, C, C++, C#,
ASP.Net, Swift, Objective C, Kotlin
• Considerable knowledge and experience with both dynamic testing and static code analysis
tools such as Whitehat, Fortify, WebInspect, Checkmarx, Veracode, etc.
• Proficient knowledge and experience with open-source software platforms, open-source
development tools, and open-source composition analysis tools
• Must be proficient with cloud platforms and microservices architecture
• Must be proficient with network and security controls including firewalls, WAFs, IDS/IPS, VPN,
DLP and SIEM
• Ability to discover anomalies, trends, and potential threats within software and, specifically,
with experience of performing software security audits
• Must be proficient with operating system security controls to design and conduct penetration
testing against Windows, Linux, Unix and OSX platforms
• Must have thorough understanding of vulnerability detection / management, risk assessment
and incident response processes;
• Must possess good verbal and written communication, decision-making, interpersonal and
analytical skills, and critical thinking; and
• Must demonstrate the ability to work effectively in a technical environment and be a positive
member of a collaborative team.
• CISSP or equivalent certification
• Application or software security certifications are preferred, such as CSSLP, GIAC GWEB,
GWAPT, GSSP-Java, GSSP-.NET, etc.
Functional Area:
Technology
Office location
US - ATLANTA - HQ