Senior/Staff Application Security Engineer

Overview

Senior/Staff Application Security Engineer (Bangkok based, relocation provided) role at Agoda.

Agoda is an online travel booking platform for accommodations, flights, and more. We build and deploy cutting-edge technology that connects travelers with a global network of hotels, flights, activities, and more. Based in Asia and part of Booking Holdings, our diverse team fosters creativity and collaboration. We innovate through experimentation and ownership to enhance the customer experience.

The Opportunity/Role Summary

The Security Department oversees security, compliance, GRC, and security operations for all Agoda. We aim to prevent breaches and vulnerabilities and to empower engineering partners with secure products.

Responsibilities

• Conduct application security reviews and perform penetration testing, ensuring alignment with compliance standards
• Engage in projects, research, and security tool development to enhance security measures and meet compliance requirements
• Scale security processes using automation
• Provide training, outreach, and develop documentation to guide security practices among internal teams
• Offer technical guidance, advocate for automation, evaluate designs, and lead our security teams to empower engineering partners with cutting-edge tools, techniques, and methodologies to naturally build secure products

What you'll Need to Succeed/Role Requirements

• Strong foundations in secure design reviews, threat modeling experience, code reviews, pen-testing
• Minimum of 3 years of technical experience with threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security
• Minimum 2 years experience with Software Development Life Cycle in one or more languages (Go, Python, Nodejs, Rust, etc.)
• Experience with public/private cloud environments (Openshift, Rancher, Kubernetes, AWS, GCP, Azure, etc.)
• In-depth knowledge of security principles, compliance regulations, and change management
• Experience in running assessments using OWASP MASVS and ASVS
• Working knowledge on exploiting and fixing application vulnerabilities
• Proven expertise in architectural threat modeling and conducting secure design reviews
• In-depth knowledge of common web application vulnerabilities (OWASP Top 10 or SANS top 25)
• Familiarity with automated dynamic scanners, fuzzers, and proxy tools
• Analytical problem-solving mindset and offensive security tactics
• Strong communication skills to convey technical concepts to diverse audiences
• Exposure to advanced AI and Large Language Model (LLM) security
• Relocation package is provided in case you prefer to relocate to Bangkok, Thailand
• Hybrid Working Model
• WFH Set Up Allowance
• 30 Days of Remote Working from anywhere globally every year
• Employee discounts for accommodation globally
• Global team of 90+ nationalities
• 40+ offices and 25+ countries
• Annual CSR / Volunteer Time off
• Benevity Subscription for employee donations
• Volunteering opportunities globally
• Free Headspace subscription
• Free Odilo & Udemy subscriptions
• Access to Employee Assistance Program
• Enhanced Parental Leave
• Life, TPD & Accident Insurance

Equal Opportunity Employer

At Agoda, we pride ourselves on being a company represented by people of all different backgrounds and orientations. We prioritize attracting diverse talent and cultivating an inclusive environment that encourages collaboration and innovation. Employment at Agoda is based solely on a person's merit and qualifications. We are committed to providing equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics.

Disclaimer

We do not accept unsolicited third-party or agency submissions. If we receive such submissions, we reserve the right to contact and hire the candidate directly without any obligation to pay a recruitment fee.

#J-18808-Ljbffr

---