Agoda is one of the world’s fastest-growing online hotel platforms. Established in 2005 as a start-up, Agoda expanded quickly in Asia and was soon acquired in 2007 by the world’s largest seller of rooms online - the Priceline Group. Today, Agoda offers hundreds of thousands of accommodation options around the globe with service and support in over 40 lan...
Read more about this company
You will be working in a fast paced DevSecOps environment where code change happens at a rapid speed and where it is paramount to control security testing into a continuous deployment/integration flow.
In this Role, you’ll get to:
Play a lead role in developing and designing application-level security controls and standards.
Perform application security design reviews against new products and services.
Track and prioritize all security issues.
Build internal security tools that help fix security problems at scale.
Perform code review and drive remediation of discovered issues.
Enable automated security testing at scale to measure vulnerability, and report on risk across all microservice, web and mobile platforms.
Execute security tests on thousands of servers which are spread across on-premise and public cloud data centers.
What you’ll Need to Succeed:
Strong foundations in software engineering.
Minimum of 7 years of technical experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security.
Minimum 2 years experience with Software Development Life Cycle in one or more languages (Rust, Python, Go, Nodejs, etc.)
Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.)
Experience in running assessments using OWASP MASVS and ASVS.
Working knowledge on exploiting and fixing application vulnerabilities.
Strong background in threat modeling.
In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10).
Familiarity with automated dynamic scanners, fuzzers, and proxy tools.
An analytical mind for problem solving, abstract thought, and offensive security tactics.
Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences
Gmail
Yahoomail