Engineering is what drives Fareportal. We are one of the fastest growing travel technology companies in the world; our portfolio of travel brands, including flagship product CheapOair, receive over 100 million visitors annually.
We are seeking a Manager of Information Security. The right candidate will provide advanced operations and engineering support for critical security systems and services including Windows and Linux servers, endpoint security, computer forensics, vulnerability/penetration assessment/mitigation and security event management (SIEM).
Fareportal offers a plethora of travel products such as Booking Engines for flight, cars, hotels, vacations, events and activities and mobile websites. We use the latest, cutting edge technologies to produce one of the fastest loading and high converting travel websites.
There isn’t a better time to join our growing global team!
- Responsible for Identity and Access Management (IAM) systems and Privileged Accounts Management (PIM).
- Participate in implementation of information security monitoring and reporting.
- Serve as initial escalation point for information security team, providing outstanding customer service through timely, high quality issue resolution.
- Write and contribute to project plans, author network security engineering level documentation, and develop detailed test plans.
- Implementing IDS/IPS, log management, and related network security infrastructure and services.
- Triaging DLP alerts for sensitive and unapproved data leakage.
- Have in-depth knowledge of working on Vulnerability Assessments and Web application security assessments (both automated and manual)
- Create, present and publish, KPI and KRI to department and senior management.
- Responsible for ensuring, proper documentation and evidence retention appropriately relating to data loss.
- Create and manage existing rules on loss prevention and web content filtering solution to mitigate business and information risk
- Perform spot audit to assess the effectiveness of implemented control and identify gaps in operational and technical process against organizational process and standard industry practice.
- Keep abreast with current and trending information on various information security domain and recommend remediation plans to protect the business and information against emerging threats to data and business.
- Working knowledge of IT technologies including: ISO/IEC 7498-1, Routing & Switching in LAN/WAN architectures, WLAN, Radius, Firewalls, SSO/SAML, SaaS/Cloud Services, Identity Access Management, SDLC, Microsoft Technologies (Active Directory, IIS, ISA, DNS, SQL),Linux.
- Knowledge of information security frameworks and industry regulations (NIST, ISO, CoBIT, PCI, SOX).
- BS in technology-related or information security-related curriculum required
- 5-7 years of relevant experience
- Comprehensive knowledge and direct experience of IDS/IPS, NextGen and applications firewalls, VPN, DLP, data encryption, SIEM, vulnerability and penetration testing, Windows / Linux and database security.
- CISSP, CISM, CISA, CEH, CEPT, GIAC or similar relevant information security certifications required (atleast one)
- Strong understanding and working knowledge of networking and web technologies, identity and management (IAM) systems, forensics, incident response, and investigation.
- Proven knowledge and hands on experience on one or more industry standard tools on following information security disciplines: Data Loss Prevention (DLP), Web content filtering, IAM/PIM, VAPT and Application Testing Tools.
- Perform Root cause analysis of the data loss/leakage incident and recommend remediation plan.