Senior / Staff Application Security Analyst (Bangkok based, relocation provided)

Overview Senior / Staff Application Security Analyst (Bangkok based, relocation provided)

Agoda is an online travel booking platform for accommodations, flights, and more. We build and deploy cutting-edge technology that connects travelers with a global network of hotels, flights, activities, and more. Based in Asia and part of Booking Holdings, we foster a diverse, creative, and collaborative work environment. We innovate through a culture of experimentation and ownership to enhance the customer experience.

Security Team Context The Security Department oversees security, governance, risk management, compliance, and security operations for all Agoda. We aim to stay ahead with modern technology and products in a dynamic environment.

Opportunity The Security Analyst focuses on identifying, analyzing, and remediating vulnerabilities across our environment. You will be hands-on with penetration testing and vulnerability management, ensuring our systems remain secure and resilient.

Responsibilities Develop Security Automation Tools to implement solutions at scale

Triage security findings from multiple tools and coordinate with hundreds of teams to remediate within the defined SLA

Conduct security assessments through code reviews, vulnerability assessments, penetration testing, and risk analysis

Research the negative effects of vulnerabilities and adjust security controls for prevention

Identify potential threats to protect the organization from malicious actors (Vulnerability Management, Bug Bounty Program, Penetration Testing)

Develop Security Trainings for developers

Collaborate with the DevSecOps team to integrate tools into CI / CD and fine-tune rules for precision

What you’ll Need to Succeed 5+ years in information security

5+ years of experience with Penetration Testing (Web, Infra, Mobile, APIs) and Vulnerability Management

Minimum 1 year of experience running a bug bounty program

Minimum 2 years of experience with cloud environments (Openshift, Rancher, Kubernetes, AWS, GCP, Azure, etc.)

Experience performing security testing (code review, web app security testing)

Familiarity with GitLab, DefectDojo, JIRA, Confluence

Proficient in one or more programming languages (e.g., Python, Go, Node.js)

Familiar with analytics platforms and databases (GraphQL, REST APIs, PostgreSQL, MSSQL, Kafka, Hadoop, S3, etc.)

Strong knowledge of security assessment tools (Nessus, Acunetix, and similar platforms) and fuzzers

Nice to have Knowledge in Container Image Security, Dependency Checking, Fuzzing, and License Scanning

Familiarity with security incident response processes and 0-days

Security Certifications

Relocation package to Bangkok is provided

Hybrid working model and related benefits

Wellness and employee assistance benefits as part of the package

Equal Opportunity At Agoda, we pride ourselves on being a company represented by people of all different backgrounds and orientations. We are committed to equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, or other protected characteristics. We will keep your application on file for consideration for future vacancies unless you request removal. For more details, please read our privacy policy.

Disclaimer We do not accept unsolicited third-party or agency submissions. If we receive such CVs, we reserve the right to contact and hire directly without obligation to pay a recruitment fee.

#J-18808-Ljbffr