Internship: Design and Construction of Security Incident Event Management System
Stage Nice (Alpes-Maritimes) Evénementiel
Description de l'offre
If you could change one thing about travel, what would it be? At Amadeus, you can make that happen!
Travel makes the world a better place and we are fully dedicated to improving it and making it even more rewarding. We are one of the world’s top 15 software companies: we provide technology solutions and services within the travel industry.
Do you have ideas on how to improve travel for everyone? Do you find the idea of working in a diverse, multicultural environment exciting? Are you ready to make an impact across the world? Great, then join us! Let’s shape the future of travel together. #shapethefutureoftravel@Amadeus
Business environment
The scope of the “R&D domain” Application Security Office is the complete portfolio of products, applications and tools developed inside Amadeus. Objectives focus on ensuring that existing and new Amadeus applications and other developments are made sufficiently robust, against both exploitation of potential vulnerabilities and fraudulent misuse, and that compliance is maintained with all applicable legislation and industry regulations or standards (such as PCI DSS, GDPR, and ISO 27K).
The Application Security Office plays a highly transversal role and close collaboration with all other security actors in the company.
As part of the Application Security Office, the Application Security Operation Centre (ASOC) team is responsible to monitor, detect and remediate any kind of live production attacks on our Amadeus Production Applications.
One of our mission, so called SIEM (Security Incident and Event Management), is to be able to collect and analyse all possible security events that are coming from many different channels.
The goal of the internship will be work on our SIEM in order to :
· Analyse which information KPI ( Key Performance Indicator) should be displayed
· Consolidate and normalize security events
· Automate the collection of events
· Build tailored dash boards, by scope and domains on the defined KPI
· Improve the detection by defining new correlation models between the events
· Participate in the implementation of the recommendations
· Perform a survey before and after on stakeholder to measure the improvement
The improvement of the SIEM/ Dashboard will be key for the strategy of our application security operations centres.
Main Accountabilities
· Be able to summarize complex situations
· Communicate and report on activities
· Monitor networks and systems for security breaches
· Work cross-organization to integrate and operate all monitor and logging tools
· Participation in the evaluation of new solutions.
Education
· Computer Science or Engineering degree
· Fluent in English: Written and spoken (mandatory)
Technical Skills
· Good experience with both Linux & Windows flavours of Operation System
· Working knowledge of cloud infrastructure (GCP, AWS) and networking concepts
· Technical writing and documentation competencies needed
· Good general security knowledge, familiarity with OWASP top 10 is a plus
· Experience with coding/scripting (python, java, ruby, etc.) is a plus
Personal Skills
· Pro-activity, initiative, and autonomy.
· Ability to work independently and inside distributed teams.
· Strong analytical and conceptual skills.
· Curiosity and ability to learn quickly.
· Accountability and reliability, personal involvement.
· Strong planning skills.
· Good communication and presentation skills to internal and external customer
· Willingness and ability to convince people, and drive cross-organization projects.
· Multi-cultural approach, and ability to interface with all levels of the organization
· Proven experience in development is a plus
· Knowledge in security is a plus
Our diversity commitment: equality, diversity and inclusion are part of who we are. We’re committed to equal opportunities and treatment regardless of age, ethnicity, gender, beliefs, sexual orientation or disability.
Any duplication and display of partial or full content of our job advertisement on any support, such as brochures, websites, mail, emails, this list is not exhaustive, is strictly forbidden without prior formal Amadeus’ authorisation.
Recruitment agencies: Amadeus does not accept agency resumes. Please do not forward resumes to our jobs alias, Amadeus employees or any other company location. Amadeus is not responsible for any fees related to unsolicited resumes.