Senior/Staff Application Security Analyst

Senior/Staff Application Security Analyst (Bangkok based, relocation provided)

Join to apply for the Senior/Staff Application Security Analyst (Bangkok based, relocation provided) role at Agoda

About Agoda Agoda is an online travel booking platform for accommodations, flights, and more. We build and deploy cutting-edge technology that connects travelers with a global network of 4.7M hotels and holiday properties worldwide, plus flights, activities, and more. Based in Asia and part of Booking Holdings, our 7,100+ employees representing 95+ nationalities in 27 markets foster a work environment rich in diversity, creativity, and collaboration. We innovate through a culture of experimentation and ownership, enhancing the ability for our customers to experience the world.

The Security Department oversees security, governance, risk management, compliance, and security operations for all Agoda. We are vigilant in ensuring there is no breach or vulnerability threatening our company or endangering our employees to keep Agoda safe and protected. This is a dynamic environment that values early adoption of recent technology and products.

The Opportunity

• As a Security Analyst, you will focus on identifying, analyzing, and remediating vulnerabilities across our environment. You will be hands-on with penetration testing and vulnerability management, ensuring our systems remain secure and resilient.

In this Role, you'll get to

• Develop Security Automation Tools to implement solutions at scale
• Triage security findings from multiple tools and work with hundreds of teams to get them remediated within the right SLA
• Conduct security assessments through code reviews, vulnerability assessments, penetration testing and risk analysis
• Research the negative effects of vulnerabilities, from minimizing impact to informing future prevention
• Identify potential threats so the organization can protect itself (Vulnerability Management, Bug Bounty Program, Penetration Testing)
• Be responsible for developing Security Trainings for developers
• Work with the DevSecOps team to integrate tools into CI/CD, and fine-tune rules and precision

What you'll Need to Succeed

• 5+ years in the information security field
• 5+ years of experience with Penetration Testing (Web, Infra, Mobile, APIs, etc.) and Vulnerability Management
• Minimum 1 year of experience running a bug bounty platform
• Minimum 2 years of experience with public/private cloud environments (OpenShift, Rancher, Kubernetes, AWS, GCP, Azure, etc.)
• Experience performing security testing, e.g., code review and web application security testing
• Familiarity with GitLab, DefectDojo, JIRA, Confluence
• Proficient in one or more programming languages such as Python, Go, Node.js
• Familiarity with analytics platforms and databases (GraphQL, REST APIs, Postgres, MSSQL, Kafka, Hadoop, S3, etc.)
• Strong knowledge of security assessment tools (Nessus, Acunetix and similar scanners)

It's great if you have

• Knowledge in Container Image Security, Dependency Checking, Fuzzing and License Scanning
• Familiarity with security incident response processes and 0-days
• Security Certifications
• Relocation package is provided for Bangkok relocation
• Hybrid Working Model
• WFH Set Up Allowance
• Remote Working 30 days per year
• Employee discounts for accommodation globally
• Global team of 90+ nationalities
• 40+ offices and 25+ countries
• Volunteer Time Off and CSR initiatives
• Headspace, Odilo & Udemy subscriptions
• Employee Assistance Program
• Enhanced Parental Leave and Life, TPD & Accident Insurance

Equal Opportunity Employer Agoda is committed to equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, or other legally protected characteristics. We will keep your application on file unless you ask us to remove it. For more details please read our privacy policy.

Disclaimer We do not accept unsolicited terms or agency submissions. We reserve the right to contact and hire directly without payment of a recruitment fee.

#J-18808-Ljbffr

---