In a world where cyber security is vital, why not join the team responsible for protecting Europe’s leading provider of flight and travel search sites and mobile applications?
This position plays a key role in ensuring Skyscanner teams are taking all required steps in building a world-class operational security function.
The Operational Security Squad (SecOps) forms part of our Employee Enablement Tribe who have responsibility for all aspects of IT and Site Hosting for Skyscanner.
You’ll play a major and leading role in protecting Skyscanner against security risks, with influence to implement cutting-edge measures to minimise exposures and vulnerabilities. We will look toward your unique skills to approach and solve problems in your own way. Whether engineering a system to address a technical security hurdle, protecting our customers’ data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally.
- To drive improvements to Skyscanner’s operational security posture through strategic planning and collaboration with both infrastructure and development teams, with trust, autonomy and influence
- To contribute to security strategy and security tooling selection/build
- Engage in cutting-edge offensive security and implement measures to secure and protect the Skyscanner website and mobile apps
- Implement measures to secure and protect Skyscanner’s corporate network and endpoints across 10 global offices
- Perform ‘red-teaming’ exercises to test the resilience of our applications and infrastructure
- Providing subject matter expertise on all areas of operational security
- Security threat analytics & incident response
- Drive improvements in alerting and monitoring
- Automate and scale vital security processes
- Cross-team security initiatives
What do you need to apply?
- A proven and strong depth of expertise in Cyber and Information Security is essential - with hands-on experience in web and mobile security for critical 24/7 applications
- Knowledge of security in distributed systems at scale
- Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. sprints, Kanban)
- Experience of ‘red-teaming’ or ‘hack yourself first / war gaming’ methodologies
- Knowledge of bots and their effect on high-transactional global websites
- Experience in Ethical Hacking, Metasploit, Kali Linux, Backtrack etc
- Knowledge of the latest industry vulnerabilities & attack vectors
- Endpoint protection understanding, including malware analysis
- Network Intrusion Monitoring
- Access Control/Privilege
- Threat Detection/Intelligence/Reverse Engineering/Threat Modelling
- Container Security
- Open, deep and darkweb research
- Cloud and virtualisation technology knowledge essential (AWS) and how to protect them
- DDOS protection methodologies
- Sound knowledge of next-gen firewalls (Palo Alto, Checkpoint, Fortinet etc)
- SIEM experience (Splunk, Sumo Logic) and how to automate processes
- Sound knowledge of the OWASP Top 10 and how they can be prevented
- Knowledge and understanding of web programming languages is highly preferred (e.g. we’re big Python users but an awareness of other coding languages would also work to help build tools or automate processes to improve maturity)
- Experience in detecting, managing and resolving security-related incidents using threat analytics and crisis management
- Excellent analytical and reasoning skills with an ability to influence at all levels
- A passion for technology, the internet economy and mobile applications
- A professional security qualification is desirable (e.g. CISSP, CISM, Certified Ethical Hacker)
- - ‘Skyscanner University’ offers a range of courses for tech and business topics.
- - At Skyscanner there’s no clocking in and there’s no bell at the end of the day, they prefer to give you the freedom and autonomy to do your job, add value and own your work.
- - Better than average annual leave in all office locations.
- - There’s enhanced maternity and paternity leave and a flexible working policy to encourage and enable a healthy work-life balance.