This senior position plays a key role in ensuring Skyscanner teams are taking all required steps in building a secure product set. The Security Squad forms part of our Employee Enablement Tribe who have responsibility for all aspects of IT and Site Hosting for Skyscanner.
You’ll play a major and leading role in protecting Skyscanner against security risks, with influence to implement cutting-edge measures to minimise exposures and vulnerabilities. We will look toward your unique skills to approach and solve problems in your own way. Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally.
- To drive improvements to Skyscanner’s security posture through strategic planning and collaboration with both infrastructure and development teams, with trust, autonomy and influence
- To contribute to security strategy and security tooling selection
- Implement measures to secure and protect the Skyscanner website and mobile apps
- Implement measures to secure and protect Skyscanner’s corporate network across 10 global offices
- Perform vulnerability assessments and penetration testing (we'll expect you to already know the type of security vulnerabilities a company like ours faces)
- Providing subject matter expertise on all areas of security throughout the project lifecycle
- Security threat analytics & incident response
- Liaison with development teams for code reviews & education
- Cross-team security initiatives
What do you need to apply?
- A proven and strong depth of expertise in Cyber and Information Security is essential - ideally with hands-on experience in web and mobile security for critical 24/7 applications
- Knowledge of security in distributed systems at scale
- Experience of security in a DevOps environment is preferred and/or experience of Agile methodologies (e.g. sprints, Kanban)
- A comprehensive knowledge of technology-enabled controls i.e. IT Networks, IDS, IPS, Encryption, Cryptography, Key management, Wireless comms, Penetration Testing, Firewalls
- Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS
- Experience in design and implementation of Infrastructure, Network and Application Security policies
- Experience in Ethical Hacking, Metasploit, Kali Linux
- Knowledge of the latest industry vulnerabilities, anti-virus software & advanced malware protection
- Cloud and virtualisation technology knowledge essential (AWS)
- DDoS protection methodologies
- Sound knowledge of the OWASP Top 10 and how they can be prevented
- Knowledge and understanding of web programming languages is highly preferred (e.g. we're big Python users but an awareness of other coding languages would also work to engage with our developers from a security coding perspective, code reviews etc.)
- Experience of performing security reviews and risk assessments
- Experience in detecting, managing and resolving security-related incidents using threat analytics
- Good analytical and reasoning skills
- A passion for technology, the internet economy and mobile applications
- A professional security qualification is desirable (e.g. CISSP, CISM, Certified Ethical Hacker)
- ‘Skyscanner University’ offers a range of courses for tech and business topics.
- At Skyscanner there’s no clocking in and there’s no bell at the end of the day; they prefer to give you the freedom and autonomy to do your job, add value and own your work.
- Better than average annual leave in all office locations.
- There’s enhanced maternity and paternity leave and a flexible working policy to encourage and enable a healthy work-life balance.