Senior Application Security Engineer (Bangkok based, relocation provided)

About Agoda 

Agoda is an online travel booking platform for accommodations, flights, and more. We build and deploy cutting-edge technology that connects travelers with more than 2.5 million accommodations globally. Based in Asia and part of Booking Holdings, our 4,000+ employees representing 90+ nationalities foster a work environment rich in diversity, creativity, and collaboration. We innovate through a culture of experimentation and ownership, enhancing the ability for our customers to experience the world.

Get to Know our Team:  

The Security Department oversees security, compliance, GRC, and security operations for all Agoda. We are vigilant in ensuring there is no breach or vulnerability threatening our company or endangering our employees in order to keep Agoda safe and protected. This would be a great challenge for those who want to work with the best technology in a dynamic and advanced environment. 

The Opportunity: 

You will be working in a fast paced DevOps environment where code change happens at a rapid speed and where it is paramount to control security testing into a continuous deployment/integration flow. 

In this Role, you’ll get to: 

• Play a lead role in developing and designing application-level security controls and standards. 
• Perform application security design reviews against new products and services. 
• Track and prioritize all security issues. 
• Build internal security tools that help fix security problems at scale. 
• Perform code review and drive remediation of discovered issues. 
• Enable automated security testing at scale to measure vulnerability, and report on risk across all microservice, web and mobile platforms. 
• Execute security tests on thousands of servers which are spread across on-premise and public cloud data centers. 

What you'll Need to Succeed: 

• Strong foundations in software engineering. 
• Minimum of 7 years of technical experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security.
• Minimum 2 years experience with Software Development Life Cycle in one or more languages (Rust, Python, Go, Nodejs, etc.)
• Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.)
• Experience in running assessments using OWASP MASVS and ASVS.
• Working knowledge on exploiting and fixing application vulnerabilities.
• Strong background in threat modeling.
• In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10).
• Familiarity with automated dynamic scanners, fuzzers, and proxy tools.
• An analytical mind for problem solving, abstract thought, and offensive security tactics.
• Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences 

*Relocation package is provided in case you prefer to relocate to Bangkok, Thailand. Our benefits are...

• Hybrid Working Model
• WFH Set Up Allowance
• 30 Days of Remote Working from anywhere globally every year
• Employee discount for accommodation globally
• Global team of 85+ nationalities
• 40+ offices and 25+ countries
• Annual CSR / Volunteer Time off
• Benevity Subscription for employee donations
• Volunteering opportunities globally
• Free Headspace subscription
• Free Odilo & Udemy subscriptions
• Access to Employee Assistance Program (third party for personal and workplace support)
• Enhanced Parental Leave
• Life, TPD & Accident Insurance

#sanfrancisco #sanjose #losangeles #sandiego #oakland #denver #miami #orlando #atlanta #chicago #boston #detroit #newyork #portland #philadelphia #dallas #houston #austin #seattle #sydney #melbourne #perth #toronto #vancouver #montreal #shanghai #beijing #shenzhen #prague #Brno #Ostrava #cairo #alexandria #giza #estonia #paris #berlin #munich #hamburg #stuttgart #cologne #frankfurt #dusseldorf #dortmund #essen #Bremen #leipzig #dresden #hanover #nuremberg #athens #hongkong #budapest #jakarta #bali #dublin #telaviv #jerusalem #milan #rome #venice #florence #naples #turin #palermo #bologna #tokyo #osaka #yokohama #nagoya #okinawa #fukuoka #sapporo #kualalumpur #malta #amsterdam #oslo #manila #warsaw #krakow #bucharest #doha #alrayyan #moscow #saintpetersburg #riyadh #jeddah #mecca #medina #singapore #capetown #johannesburg #seoul #barcelona #madrid #stockholm #zurich #taipei #tainan #taichung #kaohsiung #bangkok #Phuket #istanbul #dubai #abudhabi #sharjah #london #manchester #liverpool #edinburgh #kiev #hcmc #hanoi #lodz #wroclaw #poznan #katowice #rio #salvador #newdelhi #bangalore #bandung #yokohama #nagoya #okinawa #fukuoka #IT #4 #LI-RS1

Equal Opportunity Employer 

At Agoda, we pride ourselves on being a company represented by people of all different backgrounds and orientations. We prioritize attracting diverse talent and cultivating an inclusive environment that encourages collaboration and innovation. Employment at Agoda is based solely on a person’s merit and qualifications. We are committed to providing equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics.

We will keep your application on file so that we can consider you for future vacancies and you can always ask to have your details removed from the file. For more details please read our privacy policy.

To all recruitment agencies: Agoda does not accept third party resumes. Please do not send resumes to our jobs alias, Agoda employees or any other organization location. Agoda is not responsible for any fees related to unsolicited resumes.

#LI-Hybrid