Overview
At Agoda, we bridge the world through travel. Our story began in ****, when two lifelong friends and entrepreneurs launched Agoda to make it easier for everyone to explore the world. Today, we are part of Booking Holdings [NASDAQ: BKNG], with a diverse team of over 7,000 people from 90 countries, working in offices around the globe. Data and technology are at the heart of our culture, fueling our curiosity and innovation. If you're ready to begin your best journey and help build travel for the world, join us.
The Security Department
oversees security, compliance, GRC, and security operations for all Agoda, ensuring there is no breach or vulnerability threatening the company or employees.
The Opportunity/Role Summary
Conduct application security reviews and perform penetration testing, ensuring alignment with compliance standards.
Engage in projects, research, and security tool development to enhance security measures and meet compliance requirements.
Scale security processes using automation.
Provide training, outreach, and develop documentation to guide security practices among internal teams.
Offer technical guidance, advocate for automation, evaluate designs, and lead our security teams to empower engineering partners with cutting-edge tools, techniques, and methodologies to naturally build secure products.
What you\'ll Need to Succeed / Role Requirements
Strong foundations in secure design reviews, threat modeling experience, code reviews, and pen-testing.
Minimum of 3 years of technical experience with any combination of: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security.
Minimum 2 years experience with Software Development Life Cycle in one or more languages (Go, Python, Nodejs, Rust, etc.).
Experience with public/private cloud environments (Openshift, Rancher, Kubernetes, AWS, GCP, Azure, etc.).
In-depth knowledge of security principles, compliance regulations, and change management.
Experience in running assessments using OWASP MASVS and ASVS.
Working knowledge of exploiting and fixing application vulnerabilities.
Proven expertise in architectural threat modeling and conducting secure design reviews.
In-depth knowledge of common web application vulnerabilities (OWASP Top 10 or SANS Top 25).
Familiarity with automated dynamic scanners, fuzzers, and proxy tools.
Analytical problem solver with an offensive security mindset.
Strong communication skills, both verbal and written, to convey technical and non-technical concepts to diverse audiences.
Exposure to advanced AI and Large Language Model (LLM) security.
Relocation package is provided if you relocate to Bangkok, Thailand. Our benefits include:
Hybrid Working Model
WFH Set Up Allowance
30 Days of Remote Working from anywhere globally every year
Employee discount for accommodation globally
Global team of 90+ nationalities
40+ offices and 25+ countries
Annual CSR / Volunteer Time off
Benevity Subscription for employee donations
Volunteering opportunities globally
Free Headspace subscription
Free Odilo & Udemy subscriptions
Access to Employee Assistance Program (third party for personal and workplace support)
Enhanced Parental Leave
Life, TPD & Accident Insurance
Discover More About Working At Agoda
Agoda Careers
Facebook /
LinkedIn
YouTube
Equal Opportunity Employer
At Agoda, we pride ourselves on being a company represented by people of all different backgrounds and orientations. We prioritize attracting diverse talent and cultivating an inclusive environment that encourages collaboration and innovation. Employment at Agoda is based solely on a person's merit and qualifications. We are committed to providing equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics. We will keep your application on file so that we can consider you for future vacancies and you can always ask to have your details removed from the file. For more details please read our privacy policy.
Disclaimer
We do not accept any terms or conditions, nor do we recognize any agency's representation of a candidate, from unsolicited third-party or agency submissions. If we receive unsolicited or speculative CVs, we reserve the right to contact and hire the candidate directly without any obligation to pay a recruitment fee.
#J-*****-Ljbffr