Senior/Staff Application Security Analyst

Overview

Senior/Staff Application Security Analyst (Bangkok based, relocation provided)

About Agoda

Agoda is an online travel booking platform for accommodations, flights, and more. We build and deploy cutting-edge technology that connects travelers with a global network of hotels, flights, activities, and more. We foster a work environment rich in diversity, creativity, and collaboration across 7,100+ employees in 27 markets.

The Security Team and Opportunity

The Security Department oversees security, governance, risk management, compliance, and security operations for Agoda. This role focuses on identifying, analyzing, and remediating vulnerabilities across our environment, with hands-on penetration testing and vulnerability management to keep systems secure and resilient.

Responsibilities

• Develop Security Automation Tools to implement solutions at scale.
• Triage security findings from multiple tools and coordinate with hundreds of teams to remediate within the defined SLA.
• Conduct security assessments through code reviews, vulnerability assessments, penetration testing, and risk analysis.
• Research vulnerability impact and adjust security controls for future prevention.
• Identify potential threats to protect the organization from malicious actors, including Vulnerability Management, Bug Bounty Program, and Penetration Testing.
• Develop Security Trainings for developers.
• Collaborate with the DevSecOps team to integrate tools into CI/CD and fine-tune rules for precision.

What you'll Need to Succeed

• 5+ years in information security.
• 5+ years of experience with Penetration Testing (Web, Infra, Mobile, APIs) and Vulnerability Management.
• Minimum 1 year of experience running a bug bounty program.
• Minimum 2 years of experience with cloud environments (OpenShift, Kubernetes, AWS, GCP, Azure, etc.).
• Experience performing security testing, e.g., code review and web app security testing.
• Familiarity with GitLab, DefectDojo, JIRA, Confluence.
• Proficient in one or more programming languages such as Python, Go, Node.js.
• Familiar with analytics platforms and databases (GraphQL, REST APIs, PostgreSQL, MSSQL, Kafka, Hadoop, S3).
• Strong knowledge of security assessment tools (Nessus, Acunetix, and similar platforms).

Nice to Have

• Knowledge in Container Image Security, Dependency Checking, Fuzzing, and License Scanning.
• Familiarity with security incident response processes and zero-days.
• Security Certifications.
• Relocation package for Bangkok, Thailand.
• Hybrid working model and WFH setup allowance.
• Remote work flexibility and global employee benefits (disclosures below).

Benefits and Perks

• Relocation package (if relocating to Bangkok).
• Hybrid Working Model; WFH setup allowance.
• 30 days of remote work from anywhere globally each year.
• Employee discounts for accommodation globally; global team of 90+ nationalities.
• Global offices and presence in 25+ countries; CSR/Volunteer Time Off.
• Wellness and learning subscriptions (Headspace, Odilo, Udemy); Employee Assistance Program.
• Enhanced Parental Leave; Life, TPD & Accident Insurance.

Equal Opportunity

At Agoda, we pride ourselves on being a company represented by people of diverse backgrounds and orientations. We are committed to equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, or other legally protected characteristics. We may keep your application on file for future vacancies unless you request removal. For details, see our privacy policy.

Disclaimer

We do not accept unsolicited third-party or agency submissions. If we receive such CVs, we may contact and hire the candidate directly without a recruitment fee.

#J-18808-Ljbffr

---