Agoda
Senior/Staff Application Security Engineer (Bangkok based, relocation provided)
Agoda, Chicago, Illinois, United States, 60290
Senior/Staff Application Security Engineer (Bangkok based, relocation provided)
Bangkok, Thailand
Agoda is an online travel booking platform for accommodations, flights, and more. We build and deploy cutting-edge technology that connects travelers with a global network of 4.7M hotels and holiday properties worldwide, plus flights, activities, and more. Based in Asia and part of Booking Holdings, our 7,100+ employees representing 95+ nationalities in 27 markets foster a work environment rich in diversity, creativity, and collaboration. We innovate through a culture of experimentation and ownership, enhancing the ability for our customers to experience the world.
Our Purpose –
Bridging the World Through Travel
We believe travel allows people to enjoy, learn and experience more of the amazing world we live in. It brings individuals and cultures closer together, fostering empathy, understanding and happiness.
We are a skillful, driven and diverse team from across the globe, united by a passion to make an impact. Harnessing our innovative technologies and strong partnerships, we aim to make travel easy and rewarding for everyone.
The Security Department
oversees security, compliance, GRC, and security operations for all Agoda. We are vigilant in ensuring there is no breach or vulnerability threatening our company or endangering our employees in order to keep Agoda safe and protected. This would be a great challenge for those who want to work with the best technology in a dynamic and advanced environment.
The Opportunity/Role Summary
Conduct application security reviews and perform penetration testing, ensuring alignment with compliance standards
Engage in projects, research, and security tool development to enhance security measures and meet compliance requirements
Scale security processes using automation
Provide training, outreach, and develop documentation to guide security practices among internal teams
Offer technical guidance, advocate for automation, evaluate designs, and lead our security teams to empower engineering partners with cutting-edge tools, techniques, and methodologies to naturally build secure products
What you’ll Need to Succeed / Role Requirements
Strong foundations in secure design reviews, threat modeling experience, code reviews, pen-testing
Minimum of 3 years of technical experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security
Minimum 2 years experience with Software Development Life Cycle in one or more languages (Go, Python, Nodejs, Rust, etc.)
Experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.)
In-depth knowledge of security principles, compliance regulations, and change management
Experience in running assessments using OWASP MASVS and ASVS
Working knowledge on exploiting and fixing application vulnerabilities
Proven expertise in architectural threat modeling and conducting secure design reviews
In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10 or SANS top 25)
Familiarity with automated dynamic scanners, fuzzers, and proxy tools
An analytical mind for problem solving, abstract thought, and offensive security tactics
Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences
Exposure to advanced AI and Large Language Model (LLM) security
Relocation package is provided in case you prefer to relocate to Bangkok, Thailand
Hybrid Working Model
WFH Set Up Allowance
30 Days of Remote Working from anywhere globally every year
Employee discount for accommodation globally
Global team of 90+ nationalities
40+ offices and 25+ countries
Annual CSR / Volunteer Time off
Benevity Subscription for employee donations
Volunteering opportunities globally
Free Headspace subscription
Free Odilo & Udemy subscriptions
Access to Employee Assistance Program (third party for personal and workplace support)
Enhanced Parental Leave
Life, TPD & Accident Insurance
Equal Opportunity Employer
At Agoda, we pride ourselves on being a company represented by people of all different backgrounds and orientations. We prioritize attracting diverse talent and cultivating an inclusive environment that encourages collaboration and innovation. Employment at Agoda is based solely on a person’s merit and qualifications. We are committed to providing equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics.
Disclaimer: We do not accept unsolicited third-party or agency submissions. We reserve the right to contact and hire candidates directly.
#J-18808-Ljbffr
Agoda is an online travel booking platform for accommodations, flights, and more. We build and deploy cutting-edge technology that connects travelers with a global network of 4.7M hotels and holiday properties worldwide, plus flights, activities, and more. Based in Asia and part of Booking Holdings, our 7,100+ employees representing 95+ nationalities in 27 markets foster a work environment rich in diversity, creativity, and collaboration. We innovate through a culture of experimentation and ownership, enhancing the ability for our customers to experience the world.
Our Purpose –
Bridging the World Through Travel
We believe travel allows people to enjoy, learn and experience more of the amazing world we live in. It brings individuals and cultures closer together, fostering empathy, understanding and happiness.
We are a skillful, driven and diverse team from across the globe, united by a passion to make an impact. Harnessing our innovative technologies and strong partnerships, we aim to make travel easy and rewarding for everyone.
The Security Department
oversees security, compliance, GRC, and security operations for all Agoda. We are vigilant in ensuring there is no breach or vulnerability threatening our company or endangering our employees in order to keep Agoda safe and protected. This would be a great challenge for those who want to work with the best technology in a dynamic and advanced environment.
The Opportunity/Role Summary
Conduct application security reviews and perform penetration testing, ensuring alignment with compliance standards
Engage in projects, research, and security tool development to enhance security measures and meet compliance requirements
Scale security processes using automation
Provide training, outreach, and develop documentation to guide security practices among internal teams
Offer technical guidance, advocate for automation, evaluate designs, and lead our security teams to empower engineering partners with cutting-edge tools, techniques, and methodologies to naturally build secure products
What you’ll Need to Succeed / Role Requirements
Strong foundations in secure design reviews, threat modeling experience, code reviews, pen-testing
Minimum of 3 years of technical experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security
Minimum 2 years experience with Software Development Life Cycle in one or more languages (Go, Python, Nodejs, Rust, etc.)
Experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.)
In-depth knowledge of security principles, compliance regulations, and change management
Experience in running assessments using OWASP MASVS and ASVS
Working knowledge on exploiting and fixing application vulnerabilities
Proven expertise in architectural threat modeling and conducting secure design reviews
In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10 or SANS top 25)
Familiarity with automated dynamic scanners, fuzzers, and proxy tools
An analytical mind for problem solving, abstract thought, and offensive security tactics
Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences
Exposure to advanced AI and Large Language Model (LLM) security
Relocation package is provided in case you prefer to relocate to Bangkok, Thailand
Hybrid Working Model
WFH Set Up Allowance
30 Days of Remote Working from anywhere globally every year
Employee discount for accommodation globally
Global team of 90+ nationalities
40+ offices and 25+ countries
Annual CSR / Volunteer Time off
Benevity Subscription for employee donations
Volunteering opportunities globally
Free Headspace subscription
Free Odilo & Udemy subscriptions
Access to Employee Assistance Program (third party for personal and workplace support)
Enhanced Parental Leave
Life, TPD & Accident Insurance
Equal Opportunity Employer
At Agoda, we pride ourselves on being a company represented by people of all different backgrounds and orientations. We prioritize attracting diverse talent and cultivating an inclusive environment that encourages collaboration and innovation. Employment at Agoda is based solely on a person’s merit and qualifications. We are committed to providing equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics.
Disclaimer: We do not accept unsolicited third-party or agency submissions. We reserve the right to contact and hire candidates directly.
#J-18808-Ljbffr