Application Security Engineer

at  WebBeds

WHO ARE WEBBEDS?

WebBeds is the fastest growing and most significant accommodation supplier to the travel industry. We are a global company offering ground services (hotels, transfers, tours, activities) to travel professionals. Our products help our partners and customers to create amazing Travel experiences.
Our Products range from a Retail Online platform, Integration Connectivity hub and distribution APIs to name but a few and our systems are 100% cloud hosted processing up to 5.0bn search requests daily. We deliver amazing outcomes using leading edge technology through innovative and creative thinking.
WebBeds is a subsidiary of Webjet Limited (ASX: WEB) – an ASX 200 listed company operating a global digital travel business.

THE SKILLS WE WOULD LOVE TO SEE IN YOUR SUITCASE!

• Experience with cloud technologies in AWS & Azure (AWS is essential).
• 2 yrs + experience in a similar role.
• Prior experience with Web Development and Software Engineering with C#, PHP, Golang, Python, or other languages.
• Experience with security related architecture, code reviews, and security assurance activities.
• Experience with hardening and security of Linux operating system.
• Understanding of risk management and conducting a technology-specific risk assessment.
• Ability to explain security risks and concepts in layman terms.
• Research and recommend new security technologies to new or existing problems, and be able to explain and communicate design decisions.
• Have strong communication skills and be comfortable providing feedback and updates to key stakeholders within the business.
• Enjoy finding solutions to problems and working effectively with others to reach agreement.
• A professional approach to work, integrity, and respect for policies.
• Hands-on technical security/penetration testing for Web applications.
• Knowledge of OWASP top 10 and relevant controls.

WHAT WILL YOU DO ON YOUR JOURNEY WITH WEBBEDS?

WebBeds is the world’s fastest growing provider of accommodation distribution services to the travel industry. Our products incorporate distribution APIs, payment integrations, ERP integration, Data Lakes, User Interfaces, and others. Our search API reach peaks of more than 50.000 requests per second, each one consisting of tens or hundreds of hotels, with continued expansion.
“We design, deliver and support innovative solutions through engagement, collaboration and a fearsome passion for creating customer value” is our mission as an IT organization.
With this in mind, we strive to be at the leading edge of technology when it comes to build the platform that meets the needs of our Supply partners and customers. This translates to the use of latest technology including .NET Core versions, K8S, microservices architecture, clouds hosting and orchestration, CI/CD pipelines, automated testing, Proactive monitoring, and alerting systems, to name a few.
Our delivery teams have the creativity and freedom to express themselves by building innovative solutions to often complex problems and are challenged to reach higher levels daily. Our teams consist of product owners, QA engineers, Software Engineers, and people from across the business all working collectively and collaboratively. We have a very strong technical team from which you will be able to learn, but are encouraged by new ideas and fresh thinking that you will bring with you.

IN THIS ROLE YOU WILL:

Join our growing Group Security team here at Webjet Limited. This is is a wide-ranging role that covers a set of key responsibilities including managing our third-party risk assessments, project risk assessments, understanding key risks to the business, and working with our stakeholders and development teams to put appropriate controls in place to mitigate these risks.

KEY ELEMENTS TO THIS ROLE INCLUDE, BUT NOT LIMITED TO:

• Understand our internal threat landscape and work with relevant teams to mitigate related risks.
• Support and collaborate with development and platform engineering teams in building security into DevOps processes.
• Champion our vulnerability management program to understand key weaknesses to the business and help tune these controls.
• Collaborate with development teams to investigate security alerts raised and track through to remediation.
• Champion our security review process by performing risk assessments for new projects and enhancements to understand key risks and appropriate mitigation to the business.
• Work closely with our key stakeholders to ensure they understand their environment and business processes to identify key risks and provide advice on what appropriate controls could be implemented to reduce our exposure to risk.
• Support the audit function within the team to ensure we are operating to internal and relevant industry standards.