Senior/Staff Application Security Analyst (Bangkok based, relocation provided)
Role location: Bangkok, relocation provided. Agoda is seeking a Senior/Staff Application Security Analyst to join the Security Department. The team oversees security, governance, risk management, compliance, and security operations for all Agoda. We are vigilant in ensuring there is no breach or vulnerability threatening our company or employees. The successful candidate will be hands-on with vulnerability management, penetration testing, and security automation, and will collaborate with DevSecOps and multiple teams to secure Agoda’s environments.
Responsibilities
* As a Security Analyst, you will focus on identifying, analyzing, and remediating vulnerabilities across our environment. You will be hands-on with penetration testing and vulnerability management, ensuring our systems remain secure and resilient.
* Develop Security Automation Tools to implement solutions at scale
* Triage security findings from multiple tools and work with hundreds of teams to get them remediated within the right SLA
* Conduct security assessments through code reviews, vulnerability assessments, penetration testing and risk analysis
* Research on the negative effects of a vulnerability, from minimizing the impact to altering security controls for future prevention
* Identify potential threats so that the organization can protect itself from malicious hackers. This includes Vulnerability Management, Bug Bounty Program, Penetration Testing
* Be responsible for developing Security Trainings for developers
* Work with DevSecOps team in integration of tools into CI/CD, as well as fine-tune the rules and precision
What you’ll need to succeed
* 5+ years in the information security field
* 5+ years of experience with Penetration Testing (Web, Infra, Mobile, APIs etc.) and Vulnerability Management
* Minimum 1 year of experience running a bug bounty platform
* Minimum 2 years of experience with any of public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.)
* Experience performing security testing, e.g. code review and web application security testing
* Familiarity with Gitlab, Defectdojo, JIRA, Confluence
* Proficient in one or more programming languages such as Python, Go, Node.js, Python etc.
* Familiar with analytics platform and databases such as GraphQL, REST APIs, Postgres, MSSQL, Kafka, Hadoop, S3 etc
* Strong knowledge of Security Assessment tools such as security scanners (Nessus, Acunetix and similar platforms) and fuzzers
Nice to have
* Knowledge in Container Image Security, Dependency Checking, Fuzzing and License Scanning
* Familiarity with security incident response processes and 0-days
* Security Certifications
Relocation and Benefits
* Relocation package is provided in case you prefer to relocate to Bangkok, Thailand.
* Hybrid Working Model
* WFH Set Up Allowance
* 30 Days of Remote Working from anywhere globally every year
* Employee discount for accommodation globally
* Global team of 90+ nationalities
* 40+ offices and 25+ countries
* Annual CSR / Volunteer Time off
* Benevity Subscription for employee donations
* Volunteering opportunities globally
* Free Headspace subscription
* Free Odilo & Udemy subscriptions
* Access to Employee Assistance Program
* Enhanced Parental Leave
* Life, TPD & Accident Insurance
Equal Opportunity Employer
At Agoda, we pride ourselves on being a company represented by people of all different backgrounds and orientations. We prioritize attracting diverse talent and cultivating an inclusive environment that encourages collaboration and innovation. Employment at Agoda is based solely on a person’s merit and qualifications. We are committed to providing equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics.
We will keep your application on file so that we can consider you for future vacancies and you can always ask to have your details removed from the file. For more details please read our privacy policy.
Disclaimer
We do not accept any terms or conditions, nor do we recognize any agency’s representation of a candidate, from unsolicited third-party or agency submissions. If we receive unsolicited or speculative CVs, we reserve the right to contact and hire the candidate directly without any obligation to pay a recruitment fee.
#J-18808-Ljbffr