Apply on Employer Site

Agoda · 17 hours ago

Senior/Staff Application Security Engineer (Bangkok based, relocation provided)

New York, NY

Full-time

Hybrid

Senior Level, Lead/Staff

3+ years exp

Agoda is a leading travel platform that connects people to destinations and experiences worldwide. They are seeking a Senior/Staff Application Security Engineer to conduct application security reviews, perform penetration testing, and enhance security measures through automation and training. The role involves providing technical guidance and empowering engineering partners to build secure products.

Air TransportationE-CommerceHotelTourismTravelTravel Accommodations

Growth Opportunities

Responsibilities

Conduct application security reviews and perform penetration testing, ensuring alignment with compliance standards

Engage in projects, research, and security tool development to enhance security measures and meet compliance requirements

Scale security processes using automation

Provide training, outreach, and develop documentation to guide security practices among internal teams

Offer technical guidance, advocate for automation, evaluate designs, and lead our security teams to empower engineering partners with cutting-edge tools, techniques, and methodologies to naturally build secure products

Qualification

Application SecurityPenetration TestingThreat ModelingSecure CodingCloud EnvironmentsSecurity PrinciplesOWASP MASVSAnalytical MindAI SecurityCommunication SkillsProblem Solving

Required

Strong foundations in secure design reviews, threat modeling experience, code reviews, pen-testing

Minimum of 3 years of technical experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security

Minimum 2 years experience with Software Development Life Cycle in one or more languages (Go, Python, Nodejs, Rust, etc.)

Experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.)

In-depth knowledge of security principles, compliance regulations, and change management

Experience in running assessments using OWASP MASVS and ASVS

Working knowledge on exploiting and fixing application vulnerabilities

Proven expertise in architectural threat modeling and conducting secure design reviews

In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10 or SANS top 25)

Familiarity with automated dynamic scanners, fuzzers, and proxy tools

An analytical mind for problem solving, abstract thought, and offensive security tactics

Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences

Exposure to advanced AI and Large Language Model (LLM) security

Benefits

Hybrid Working Model

WFH Set Up Allowance

30 Days of Remote Working from anywhere globally every year

Employee discount for accommodation globally

Annual CSR / Volunteer Time off

Benevity Subscription for employee donations

Volunteering opportunities globally

Free Headspace subscription

Free Odilo & Udemy subscriptions

Access to Employee Assistance Program (third party for personal and workplace support)

Enhanced Parental Leave

Life, TPD & Accident Insurance

Company

Agoda

Glassdoor4.2

Agoda is a digital travel platform that provides access to hotels and holiday properties including flights. It is a sub-organization of Booking Holdings.

Founded in 2005

Singapore, Central Region, SGP

5001-10000 employees