Job Description

About Agoda

Agoda is an online travel booking platform for accommodations, flights, and more. We build and deploy cutting-edge technology that connects travelers with more than 2.5 million accommodations globally. Based in Asia and part of Booking Holdings, our 6,000+ employees representing 90+ nationalities foster a work environment rich in diversity, creativity, and collaboration. We innovate through a culture of experimentation and ownership, enhancing the ability for our customers to experience the world.

Get to Know our Team: 

The Security Department oversees security, governance, risk management, and compliance, and security operations for all Agoda. We are vigilant in ensuring there is no breach or vulnerability threatening our company or endangering our employees to keep Agoda safe and protected. Given that the security ecosystem is moving forward at tremendous speed, we like to be early adaptors of recent technology and products. This would be a great challenge for those who want to work with the best technology in a dynamic and advanced environment.

The Opportunity:

You will be working in a fast-paced DevOps environment where code change happens at a rapid speed and where it is paramount to control security testing into a continuous deployment/integration flow.

In this Role, you will get to:

• Develop Security Automation Tools to implement solutions at scale
• Triage security findings from different tools and work with hundreds of teams to get them remediated within the right SLA
• Conduct security assessments through code reviews, vulnerability testing and risk analysis.
• Research on the negative effects of a vulnerability, from minimizing the impact to altering security controls for future prevention.
• Identify potential threats so that the organization can protect itself from malicious hackers. This includes Vulnerability Management, Bug Bounty Program, Penetration Testing
• Be responsible for developing Security Training for developers.
• Work with DevSecOps team in integration of tools into CI/CD, as well as fine-tune the rules and precision.

What you’ll Need to Succeed:

• 5+ years in the information security field
• 5+ years of experience with Vulnerability Management
• Minimum 1 year of experience running a bug bounty platform
• Minimum 2yr experience with any of public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.)
• Holding OSCP certification
• Experience performing security testing, e.g. code review and web application security testing
• Able to automate and script jobs e.g. go, bash scripts, etc.
• Familiarity with Gitlab, Defectdojo, JIRA, Confluence.
• Proficient in one or more programming languages such as Python, Go, Node.js, Python etc.
• Familiar with analytics platform and databases such as GraphQL , REST APIs, Postgres, MSSQL, Kafka, Hadoop, S3 etc.
• Strong knowledge in Assessment tools such as security scanners and fuzzers.

It’s great if you have:

• Knowledge in Container Image Security, Vulnerability Management, Dependency Checking, Fuzzing and License Scanning
• Relocation package is provided in case you prefer to relocate to Bangkok, Thailand. Our benefits are…
• Hybrid Working Model
• WFH Set Up Allowance
• 30 Days of Remote Working from anywhere globally every year
• Employee discount for accommodation globally
• Global team of 90+ nationalities
• 40+ offices and 25+ countries
• Annual CSR / Volunteer Time off
• Benevity Subscription for employee donations
• Volunteering opportunities globally
• Free Headspace subscription
• Free Odilo & Udemy subscriptions
• Access to Employee Assistance Program (third party for personal and workplace support)
• Enhanced Parental Leave
• Life, TPD & Accident Insurance

#sanfrancisco #sanjose #losangeles #sandiego #oakland #denver #miami #orlando #atlanta #chicago #boston #detroit #newyork #portland #philadelphia #dallas #houston #austin #seattle #sydney #melbourne #perth #toronto #vancouver #montreal #shanghai #beijing #shenzhen #prague #Brno #Ostrava #cairo #alexandria #giza #estonia #paris #berlin #munich #hamburg #stuttgart #cologne #frankfurt #dusseldorf #dortmund #essen #Bremen #leipzig #dresden #hanover #nuremberg #athens #hongkong #budapest #jakarta #bali #dublin #telaviv #jerusalem #milan #rome #venice #florence #naples #turin #palermo #bologna #tokyo #osaka #yokohama #nagoya #okinawa #fukuoka #sapporo #kualalumpur #malta #amsterdam #oslo #manila #warsaw #krakow #bucharest #doha #alrayyan #moscow #saintpetersburg #riyadh #jeddah #mecca #medina #singapore #capetown #johannesburg #seoul #barcelona #madrid #stockholm #zurich #taipei #tainan #taichung #kaohsiung #bangkok #Phuket #istanbul #dubai #abudhabi #sharjah #london #manchester #liverpool #edinburgh #kiev #hcmc #hanoi #amsterdam #bucharest #lodz #wroclaw #poznan #katowice #rio #salvador #bandung #yokohama #nagoya #okinawa #fukuoka #newdelhi #Pune #Hyderabad #Bangalore #Mumbai #Bengaluru #Chennai #Kolkata #Lucknow #IT #4

Equal Opportunity Employer

At Agoda, we pride ourselves on being a company represented by people of all different backgrounds and orientations. We prioritize attracting diverse talent and cultivating an inclusive environment that encourages collaboration and innovation. Employment at Agoda is based solely on a person’s merit and qualifications. We are committed to providing equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics.

We will keep your application on file so that we can consider you for future vacancies and you can always ask to have your details removed from the file. For more details please read our privacy policy .

To all recruitment agencies: Agoda does not accept third party resumes. Please do not send resumes to our jobs alias, Agoda employees or any other organization location. Agoda is not responsible for any fees related to unsolicited resumes.

Quick response

Required Knowledge

• K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
• K0004   Knowledge of cybersecurity and privacy principles.
• K0005   Knowledge of cyber threats an`d vulnerabilities.
• K0009   Knowledge of application vulnerabilities.
• K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• K0106   Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
• K0206   Knowledge of ethical hacking principles and techniques.
• K0342   Knowledge of penetration testing principles, tools, and techniques.
• K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Required Skills

• S0001   Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
• S0009   WITHDRAWN: Skill in assessing the robustness of security systems and designs. (See S0027)
• S0051   Skill in the use of penetration testing tools and techniques.
• S0081   Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
• S0137   Skill in conducting application vulnerability assessments.
• S0171   Skill in performing impact/risk assessments.
• S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities

• A0001  Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
• A0044  Ability to apply programming language structures (e.g., source code review) and logic.
• A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).