People are at the core of Fareportal. We are one of the fastest growing travel technology companies in the world; our portfolio of travel brands, including flagship product CheapOair, receives over 100 million visitors annually.
This position reports to the Security Operations Lead and will be the primary resource to manage and provide security operations, incident response management, access control, security general computing, security tools event monitoring, and vulnerability mitigation. This role will be heavily engaged in the ensuring security compliances (e.g ISO 27001, PCI-DSS, security audits and risk remediation as well as cyber security threat assessment and coordination.
▪ Monitor security event queues and recommend improvements based on events or incidents of security breaches in the areas of networks, applications, databases, systems, and endpoints.
▪ Identify, categorize, prioritize and investigate correlated events.
▪ Assist Fareportal’s IRT (Incident Response Team) and IT Infrastructure teams with device event correlation.
▪ Perform investigation and triage of events and incidents and escalate according to SOCs SLAs.
▪ Maintain and enhance the data encryption across the whole environment
▪ Ensure security controls are in place for the site.
▪ Ensure compliance to security frameworks (e.g. ISO 27001, PCI-DSS etc.)
▪ Ensure security awareness on the site by conducting security trainings and other innovative methods.
▪ Conduct security audits for the site and report non-compliances to security leadership.
▪ Proactive engagement in the cyber security threat assessments.
▪ Document investigation results and provide relevant details for final analysis.
▪ Support web Content Filtering Analysis, Development and Testing
Develop security technical documentation for internal and external use
▪ Develop and maintain technical expertise pertaining to all the security tools in use.
▪ Coordinate with site head and IT teams to fix highlighted security gaps.
Minimum of 4-6 years of progressive experience in information and cyber security and audit compliance, with specific focus on security tools and frameworks of security assessments like ISO 27001 and PCI-DSS.
▪ Require understanding of Information Security practices for the network, servers, databases, applications, and advanced use of Information Security assessment techniques.