Get to Know our Team:   

The Security Department oversees security, governance, risk management, and compliance, and security operations for all Agoda. We are vigilant in ensuring there is no breach or vulnerability threatening our company or endangering our employees to keep Agoda safe and protected. Given that the security ecosystem is moving forward at tremendous speed, we like to be early adaptors of recent technology and products.  This would be a great challenge for those who want to work with the best technology in a dynamic and advanced environment.  

The Opportunity:  

You will be working in a fast-paced DevOps environment where code change happens at a rapid speed and where it is paramount to control security testing into a continuous deployment/integration flow. 

 In this Role, you will get to:   

• Develop Security Automation Tools to implement solutions at scale.
• Triage security findings from different tools and work with hundreds of teams to get them remediated within the right SLA.
• Conduct security assessments through code reviews, vulnerability testing and risk analysis. 
• Research on the negative effects of a vulnerability, from minimizing the impact to altering security controls for future prevention. 
• Identify potential threats so that the organization can protect itself from malicious hackers. This includes Vulnerability Management, Bug Bounty Program, Penetration Testing.
• Be responsible for developing Security Training for developers. 
• Work with DevSecOps team in integration of tools into CI/CD, as well as fine-tune the rules and precision.  

 What you'll Need to Succeed:  

• 5+ years in the information security field 
• 5+ years of experience with Vulnerability Management 
• Minimum 1 year of experience running a bug bounty platform 
• Minimum 2yr experience with any of public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) 
• Holding OSCP certification
• Experience performing security testing, e.g. code review and web application security testing 
• Able to automate and script jobs e.g. go, bash scripts, etc. 
• Familiarity with Gitlab, Defectdojo, JIRA, Confluence. 
• Proficient in one or more programming languages such as Python, Go, Node.js, Python etc.  
• Familiar with analytics platform and databases such as GraphQL , REST APIs, Postgres, MSSQL, Kafka, Hadoop, S3 etc.  
• Strong knowledge in Assessment tools such as security scanners and fuzzers. 

 It's great if you have:  

• Knowledge in Container Image Security, Vulnerability Management, Dependency Checking, Fuzzing and License Scanning 

#sanfrancisco #sanjose #losangeles #sandiego #oakland #denver #miami #orlando #atlanta #chicago #boston #detroit #newyork #portland #philadelphia #dallas #houston #austin #seattle #sydney #melbourne #perth #toronto #vancouver #montreal #shanghai #beijing #shenzhen #prague #Brno #Ostrava #cairo #alexandria #giza #estonia #paris #berlin #munich #hamburg #stuttgart #cologne #frankfurt #dusseldorf #dortmund #essen #Bremen #leipzig #dresden #hanover #nuremberg #athens #hongkong #budapest #jakarta #bali #dublin #telaviv #jerusalem #milan #rome #venice #florence #naples #turin #palermo #bologna #tokyo #osaka #yokohama #nagoya #okinawa #fukuoka #sapporo #kualalumpur #malta #amsterdam #oslo #manila #warsaw #krakow #bucharest #doha #alrayyan #moscow #saintpetersburg #riyadh #jeddah #mecca #medina #singapore #capetown #johannesburg #seoul #barcelona #madrid #stockholm #zurich #taipei #tainan #taichung #kaohsiung #bangkok #Phuket #istanbul #dubai #abudhabi #sharjah #london #manchester #liverpool #edinburgh #kiev #hcmc #hanoi #amsterdam #bucharest #lodz #wroclaw #poznan #katowice #rio #salvador #bandung #yokohama #nagoya #okinawa #fukuoka #newdelhi #Pune #Hyderabad #Bangalore #Mumbai #Bengaluru #Chennai #Kolkata #Lucknow #IT #4 #LI-RS1 #LI-Hybrid