Job Title Application Security Engineer (White Hat) ** All CVs must be submitted in English** About the area/department: Consulting and Bespoke Services (CBS) within Amadeus focuses on delivering tailored solutions to meet the unique needs of our customers. Our customers include travel agents, large online travel websites, and other travel-related businesses. We work closely with various departments to integrate and deploy customized solutions, ensuring seamless operations and enhanced customer satisfaction. The team is involved in the entire lifecycle of customer solutions, from initial consultation and design to implementation and ongoing support. In addition to our hub in Bogota, we also have hubs in APAC (Thailand, India, and Taipei) and Europe (Spain and France). Summary of the Role: You will be responsible for ensuring the security of our software applications by identifying vulnerabilities and collaborating with software developers to mitigate them throughout the software development lifecycle. This role involves working closely with development and QA teams to conduct threat models, implement secure coding practices, monitor the treatment of scan findings, and provide guidance on addressing discovered vulnerabilities. Additionally, you will work with QA to ensure security functional test case coverage and gather evidence for PCI audits. In this role you’ll: Facilitate threat modeling sessions with developers, QA, and functional experts to identify potential issues in new solutions being planned. Monitor findings detected by source code and binary scanning tools and work with developers to ensure they are addressed during the development process. Manage the treatment of vulnerabilities detected in existing applications by calculating the environmental CVSS scores, suggesting remediation strategies, and following the progress of the vulnerability until closure. Work with development teams, QA, and Platform Operation teams to collect evidence for annual PCI audits and ensure that any new applications developed are compliant with PCI-DSS. About the ideal candidate: The ideal candidate would be highly detail-oriented and possesses a deep understanding of the software development lifecycle and secure coding practices, particularly with .NET and Docker/Kubernetes. They should have the ability to analyze vulnerabilities, suggest remediation strategies, and clearly communicate these strategies to developers, working with them to ensure the closure of vulnerabilities. Effective problem-solving, communication, and analytical skills are essential, as well as the ability to work collaboratively with cross-functional teams in both English and Spanish. Additionally, the ideal candidate should be knowledgeable about PCI-DSS compliance and capable of working with various teams to collect evidence for annual PCI audits. Technical Competencies: Fortify, Security Center, and BlackDuck: Proficiency in using these security tools to identify and manage vulnerabilities in software applications. .NET Development: Understanding and experience in developing secure applications using the .NET framework. Kubernetes/Docker: Knowledge of containerization and orchestration technologies to ensure secure deployment and management of applications. CVSS Vulnerability: Ability to calculate and interpret Common Vulnerability Scoring System (CVSS) scores to assess the severity of vulnerabilities. Threat Modeling: Expertise in conducting threat modeling sessions to identify potential security issues in new and existing applications. What we can offer you: Get rewarded with competitive remuneration, individual and company annual bonus, vacation and holiday paid time off, health insurances and other competitive benefits. Work hybrid at our Bogota office. Professional development to broaden your knowledge and enhance your skills with on-line learning hubs packed with technical and soft skills training that allow you to develop and grow. Enter a diverse and inclusive workplace, join one of the world’s top travel technology companies and take on a role that impacts millions of travelers around the globe.