Overview
Senior/Staff Application Security Analyst (Bangkok based, relocation provided) at Agoda. Agoda is an online travel booking platform for accommodations, flights, and more. We build and deploy cutting-edge technology that connects travelers with a global network of hotels and other services. We are a diverse team with offices in multiple locations and a culture of experimentation and ownership.
The Security Department oversees security, governance, risk management, compliance, and security operations for all Agoda. We are looking for someone who wants to work with the best technology in a dynamic and advanced environment.
The Opportunity
The Security Department oversees security, governance, risk management, and compliance, and security operations for all Agoda. We are vigilant to ensure there is no breach or vulnerability threatening our company or employees. This role offers a chance to work with modern security technologies and drive security posture in a fast-paced environment.
Responsibilities
* Identify, analyze, and remediate vulnerabilities across our environment. Be hands-on with penetration testing and vulnerability management to keep systems secure and resilient.
* Develop Security Automation Tools to implement solutions at scale.
* Triage security findings from multiple tools and collaborate with hundreds of teams to remediate within the defined SLAs.
* Conduct security assessments through code reviews, vulnerability assessments, penetration testing, and risk analysis.
* Research the impact of vulnerabilities and adapt security controls for future prevention.
* Identify potential threats to protect the organization from malicious actors, including Vulnerability Management, Bug Bounty Programs, and Penetration Testing.
* Develop Security Trainings for developers.
* Collaborate with the DevSecOps team to integrate tools into CI/CD and fine-tune rules and precision.
What you’ll Need to Succeed
* 5+ years in information security.
* 5+ years of experience with Penetration Testing (Web, Infra, Mobile, APIs, etc.) and Vulnerability Management.
* Minimum 1 year of experience running a bug bounty program.
* Minimum 2 years of experience with cloud environments (OpenShift, Rancher, Kubernetes, AWS, GCP, Azure, etc.).
* Experience performing security testing, including code review and web application security testing.
* Familiarity with GitLab, DefectDojo, JIRA, Confluence.
* Proficient in one or more programming languages (e.g., Python, Go, Node.js).
* Familiar with analytics platforms and databases (GraphQL, REST APIs, PostgreSQL, MSSQL, Kafka, Hadoop, S3, etc.).
* Strong knowledge of security assessment tools ( Nessus, Acunetix, and similar platforms) and fuzzers.
Nice to have
* Knowledge in Container Image Security, Dependency Checking, Fuzzing, and License Scanning.
* Familiarity with security incident response processes and 0-days.
* Security Certifications.
* Relocation package for Bangkok, Thailand.
* Hybrid working model, WFH setup allowance, and remote working options.
* Employee discounts for accommodation globally.
* Global team with 90+ nationalities and 40+ offices.
* CSR/Volunteer time off, Benevity donations, volunteering opportunities, and wellness perks (Headspace, Odilo & Udemy).
Details
* Seniority level: Mid-Senior level
* Employment type: Full-time
* Job function: Information Technology
* Industries: Technology, Information and Internet
Equal Opportunity
Equal Opportunity Employer. Agoda is committed to equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics.
Disclaimer
We do not accept unsolicited third-party or agency submissions. If we receive such submissions, we may contact and hire the candidate directly without a recruitment fee.
#J-18808-Ljbffr