Senior Application Security Engineer

Bangkok (Central World Office)

Agoda logo
Apply now Apply later

Posted 1 month ago



Agoda is the largest and fastest growing online hotel booking platform in Asia and as a Booking Holdings company, we are part of the largest online travel company in the world. Technology is not just what we do – it’s at the heart of who we are. We have the dynamism and short chain of command of a start-up and the capital to make things happen. We love innovation and putting new technologies to work to extend our lead on the competition.

Working in one of the largest international Internet employers headquartered in Asia, your work has an impact on what we do around the globe. We move fast – why wait ages to see your ideas go live? Work on tough challenges, safe in the knowledge that you are surrounded by people as smart as you are (if not smarter!) to help solve them. While we’re on the subject, Agoda people come from over 80 countries: It’s an incredible technical creative melting pot.

Come join us and take your career to the next level!


Working in a fast paced DevOps environment where code change happens at a rapid speed and where it is paramount to control security testing into a continuous deployment/integration flow.

  • Strong foundations in software engineering.
  • Prior experience in testing web applications and web services.
  • In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10).
  • Familiarity with automated dynamic scanners and proxy tools.
  • An analytical mind for problem solving, abstract thought, and offensive security tactics.
  • Ability to articulate complex issues to executives and customers.
  • Perform application security design reviews against new products and services
  • Track and prioritize all security issues
  • Build internal security tools that help fix security problems at scale
  • Play a lead role in developing and designing application-level security controls and standards for our SaaS rollouts
  • Perform code review and drive remediation of discovered issues
  • Enable automated security testing at scale to measure vulnerability, and report on risk across all the web and mobile platforms
  • Lead and manage our bug bounty program
  • Build the security development training program to train developers on secure coding practices
  • Security certifications a plus!


  • Experience or working knowledge of modern development, test, and deployment models
  • Demonstrated expertise in application security domain
  • Understanding of application security in context of SDLC and CI-CD
  • Working knowledge on exploiting and fixing application vulnerabilities
  • Proficient in one or more programming languages such as React, Python, Ruby, etc
  • Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences
  • Strong background in secure application architecture design.
  • Strong background in threat modeling.
  • Familiarity with industry standard secure design models.


We welcome applications from both local and international candidates - full relocation and visa sponsorship available.

Agoda is a Booking Holdings (BKNG) company, the world’s leading provider of brands that help people book great experiences through technology.

By applying to this job, you agree that Agoda may process your personal data in accordance with Agoda applicants privacy statement. (link to



#bangkok #thailand #IT #4 #LI-JA1



Job tags: Architecture DevOps Go Offensive Security Python Ruby SaaS Vulnerabilities