Senior Cloud Security Infrastructure Engineer

at  SITA Switzerland Sarl

EXPERIENCE:

• 5+ years in an IT engineering or architecture capacity with at least 2 years in a security related field.
• 3+ years experience working in Public Cloud (Azure or AWS with preference on Azure) environments; experience with private / hybrid cloud an advantage.
• Knowledge and experience with automation and deploying infrastructure as Code via CI/CD pipelines a must (Ansible, Terraform, Azure DevOps, GitHub).
• Practical experience of virtualization (VMWare) and containerization (Docker, Kubernetes, Rancher etc.)
• Advanced experience in coding/scripting via Python, Bash, Powershell/PowerCLI for generating test artefacts (users, certificates, signatures, etc)
• Understanding of Linux and Windows administration and configuration (RedHat and Microsoft certifications an advantage) including hardening against CIS Benchmarks & CIS-CAT scanning.
• Understanding of core networking technologies including routing, switching, wi-fi, load balancing, DNS, IPv6 etc. (Cisco or Juniper certifications an advantage)
• Practical experience with network security technologies including firewalls, proxies, secure web gateways, Web Application Firewalls, DDoS protection (certifications in Palo Alto, Fortinet, Cisco, Juniper, Cloudflare security products an advantage)
• Practical experience of deployment and use of vulnerability scanners (e.g. Nessus, Qualys) and vulnerability management including assessments and remediation.
• Proven knowledge and experience of storage technologies, encryption at rest, encryption in transit, secrets and key management, PKI etc.
• Practical experience in trust arrangements and technologies which include identity providers (Active Directory, Azure AD) modern authentication methods (OIDC, SAML), claims/identity mapping across trust domains, federation topologies, token encryption signing, and managed identities for cloud principals (experience with vendors such as Okta, Ping, ForgeRock an advantage).
• Experience with Privileged Access Management / Privileged Identity Management an advantage.
• Understanding of common security frameworks (ISO27001, NIST800-53, CIS, CSA CSM)
• Experience of participating in security audits, tabletop exercises and red teaming an advantage.
• Excellent communication skills and ability to present to all levels of technical / non-technical team members
• Excellent team player with ability to communicate and work with cross functional teams
• Certifications with CISSP, CISM, or CKS desired
• Bachelors degree in Information Security or related field

ABOUT THE ROLE & TEAM:

As a Senior Cloud Security Infrastructure Engineer you will be accountable for supporting DevOps teams designing, developing, and operating SITA infrastructure. Reporting to the Project Portfolio Manager, you will be a part of our growing Security and Compliance Team, an Agile Team within SITA Infrastructure & Cloud Engineering (ICE).
The world is changing. Are you ready to define with future of travel with us?

WHAT YOU WILL DO:

• Work with security and infrastructure architects in the secure design of SITA networks and infrastructure.
• Work with scrum teams to support agile delivery of new infrastructure incorporating security and privacy by design.
• Create / review Infrastructure as Code to meet SITA, regulatory and market security requirements and best practices to be deployed via CI/CD pipelines.
• Support DevSecOps initiatives to shift left in the detection and remediation of security vulnerabilities and defects.
• Work closely with the SITA Enterprise Information Security Office (EISO) to evolve security guidance and guardrails around infrastructure development and build following a risk based approach.
• Develop new network and infrastructure security controls and tooling including threat detection, vulnerability management, encryption, identity & access management etc.
• Assess emerging security technologies.
• Provide improvement suggestions regarding the security, usability, performance, maintainability, and scalability of existing infrastructure.
• Provide reports and presentations to key stakeholders including management, business partners, regulators and auditors.
• Contribute to the security maturity of SITA through production of documentation, knowledge transfer and conducting training sessions.
• Assist in responding to security issues and incidents as a Subject Matter Expert.
• Facilitate discussions with Engineering and Development teams, while having ability to guide and persuade in reaching decisions to achieve optimal security and business outcomes.
  Qualifications: