Senior Application Security Engineer (Bangkok based)
Bangkok (Central World Office)
About Agoda
Agoda is an online travel booking platform for accommodation, flights, and more. We build and deploy cutting edge technology that connects travelers with more than 2.5 million accommodations globally. Based in Asia and part of Booking Holdings, our 4,000+ talents coming from 90+ different nationalities foster a work environment rich in diversity, creativity, and collaboration. We innovate through a culture of experimentation and ownership, enabling our customers to experience the world.
Get to Know our Team:
The Security Department oversees security, compliance, GRC, and security operations for all Agoda. We are vigilant in ensuring there is no breach or vulnerability threatening our company or endangering our employees in order to keep Agoda safe and protected. This would be a great challenge for those who want to work with the best technology in a dynamic and advanced environment.
The Opportunity:
You will be working in a fast paced DevOps environment where code change happens at a rapid speed and where it is paramount to control security testing into a continuous deployment/integration flow.
In this Role, you’ll get to:
- Play a lead role in developing and designing application-level security controls and standards.
- Lead and manage our bug bounty program.
- Perform application security design reviews against new products and services.
- Track and prioritize all security issues.
- Build internal security tools that help fix security problems at scale.
- Perform code review and drive remediation of discovered issues.
- Enable automated security testing at scale to measure vulnerability, and report on risk across all microservice, web and mobile platforms.
- Build the security development training program to train developers on secure coding practices.
- Execute security tests on thousands of servers which are spread across multiple data centers.
What you'll Need to Succeed:
- Strong foundations in software engineering.
- Experience or working knowledge of modern development, test, and deployment models.
- Demonstrate expertise in application security domain and architecture design.
- Understanding of application security in context of SDLC and CI-CD.
- Understanding of OWASP MASVS and ASVS.
- In-depth knowledge of cloud-native ecosystem.
- Working knowledge on exploiting and fixing application vulnerabilities.
- Proficient in one or more programming languages such as Python, Go, Node.js, etc.
- Strong background in threat modeling.
- Familiarity with industry standard secure design models.
- In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10).
- Familiarity with automated dynamic scanners and proxy tools.
- An analytical mind for problem solving, abstract thought, and offensive security tactics.
- Ability to articulate complex issues to executives, product owners, and other developers.
- Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences
It's great if you have:
- Security certifications
Equal Opportunity Employer
Agoda prides ourselves on being a company represented by people of all different backgrounds and orientations. We prioritize attracting diverse talent and cultivating an inclusive environment that encourages collaboration and innovation. Employment at Agoda is based solely on a person's merit and qualifications. We are committed to providing equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics.
To all recruitment agencies: Agoda does not accept third party resumes. Please do not send resumes to our jobs alias, Agoda employees or any other organization location. Agoda is not responsible for any fees related to unsolicited resumes.
By applying to this job, you agree that Agoda may process your personal data in accordance with https://careersatagoda.com/privacy-statement/.
#berlin #dublin #munich #hamburg #hongkong #budapest #jakarta #telaviv #IT #4 #5 #LI-JA1
LI-SM31
Tags: Application security Cloud Compliance DevOps Node.js Offensive security OWASP Privacy Python SDLC Vulnerabilities
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Product Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs