Senior​/Staff Application Security Engineer; Bangkok

Senior/Staff Application Security Engineer (Bangkok based, relocation provided)

At Agoda, we bridge the world through travel. Founded in 2005, we are part of Booking Holdings (NASDAQ: BKNG) and employ over 7,000 people worldwide. Data and technology drive our culture of innovation. Join us to help build travel solutions for the world.

The Security Department oversees security, compliance, GRC, and security operations across Agoda. We work to ensure no breaches or vulnerabilities threaten our company or employees.

• Conduct application security reviews and perform penetration testing to ensure compliance alignment.
• Engage in projects, research, and security tool development to enhance security measures and meet compliance requirements.
• Scale security processes through automation.
• Provide training, outreach, and develop documentation to guide security practices across internal teams.
• Offer technical guidance, advocate for automation, evaluate designs, and lead security teams to empower engineering partners with cutting‑edge tools and methodologies.

• Strong foundations in secure design reviews, threat modeling, code reviews, and penetration testing.
• Minimum 3 years of technical experience in threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration, or network security.
• Minimum 2 years experience with Software Development Life Cycle in languages such as Go, Python, Node.js, Rust, etc.
• Experience with public/private cloud environments including Openshift, Rancher, K8s, AWS, GCP, Azure, etc.
• In-depth knowledge of security principles, compliance regulations, and change management.
• Experience running assessments using OWASP MASVS and ASVS.
• Working knowledge of exploiting and fixing application vulnerabilities.
• Proven expertise in architectural threat modeling and conducting secure design reviews.
• Familiarity with common web application vulnerabilities (e.g., OWASP Top 10).
• Knowledge of automated dynamic scanners, fuzzers, and proxy tools.
• Analytical mindset for problem solving, abstract thinking, and offensive security tactics.
• Excellent communication skills, verbal and written, to convey technical concepts to diverse audiences.
• Exposure to advanced AI and large‑language‑model security.

• Relocation package to Bangkok, Thailand.
• Hybrid working model with 30 days of remote work from anywhere globally per year.
• WFH setup allowance.
• Employee discount for accommodation globally.
• Annual CSR/Volunteer time off.
• Enhanced parental leave.
• Life, TPD & accident insurance.
• Access to Headspace and Udemy/Odilo subscriptions.
• Employee assistance program.

At Agoda, we pride ourselves on representing all backgrounds and orientations. Employment is based solely on merit and qualifications. We provide equal opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics. Your application may be kept on file for future vacancies and can be removed on request.

For more details, read our privacy policy.

We do not accept any terms or conditions, nor recognize agency representation of a candidate, from unsolicited third‑party or agency submissions. Unsolicited or speculative CVs may be handled directly without recruitment fee.