Overview

Senior/Staff Application Security Analyst (Bangkok based, relocation provided)

Job posted previously; relocation can be provided. This role focuses on identifying, analyzing, and remediating vulnerabilities across Agoda's environment with hands-on security testing and integration into CI/CD processes.

Responsibilities

• Identify, analyze, and remediate vulnerabilities across the environment.
• Perform hands-on penetration testing and manage vulnerability remediation to maintain security and resilience.
• Develop security automation tools to implement solutions at scale.
• Triage security findings from multiple tools and coordinate with multiple teams to meet SLAs.
• Conduct security assessments through code reviews, vulnerability assessments, penetration testing, and risk analysis.
• Research vulnerability impacts and adjust security controls to prevent recurrence.
• Identify potential threats and support Vulnerability Management, Bug Bounty, and Penetration Testing programs.
• Develop security trainings for developers.
• Collaborate with the DevSecOps team to integrate tools into CI/CD and fine-tune rules and precision.

What you'll Need to Succeed

• 5+ years in information security.
• 5+ years of experience with penetration testing (Web, Infra, Mobile, APIs) and vulnerability management.
• Minimum 1 year of experience running a bug bounty program.
• Minimum 2 years of experience with public/private cloud environments (OpenShift, Rancher, Kubernetes, AWS, GCP, Azure, etc.).
• Experience performing security testing such as code reviews and web application security testing.
• Familiarity with GitLab, DefectDojo, JIRA, Confluence.
• Proficient in one or more programming languages (e.g., Python, Go, Node.js).
• Familiarity with analytics platforms and databases (GraphQL, REST APIs, PostgreSQL, MSSQL, Kafka, Hadoop, S3, etc.).
• Strong knowledge of security assessment tools (Nessus, Acunetix, and similar platforms) and fuzzers.

Nice to have

• Knowledge in container image security, dependency checking, fuzzing, and license scanning.
• Familiarity with security incident response processes and 0-days.
• Security certifications.
• Relocation package to Bangkok, Thailand.
• Hybrid working model, WFH setup allowance, and remote working days.
• Employee benefits including discounts, CSR/Volunteer time off, subscriptions, and insurance options.

Equal Opportunity

We are an Equal Opportunity Employer. Agoda is committed to diversity and inclusion and does not discriminate on any legally protected characteristics.