What Jobs are available for Offensive Security in Thailand?

About Ascend Money

Ascend Money is a leading fintech company providing innovative payment and financial services across 7 countries in the Southeast Asian Region.

Established in 2013, Ascend Money became Thailand's first fintech unicorn in 2021. Its flagship service TrueMoney today has become the most popular digital financial application that enables ease of payments and convenient financial lifestyle.

TrueMoney's extensive agent network as well as offline and online payment services also enable millions of users across the region to access innovative financial services, leading them to better lives.

CyberSecurity Offensive Manager (Red team)

Job description

● Conduct advanced penetration tests to identify vulnerabilities in computer systems, networks, and applications.

● Perform vulnerability assessments and security audits to evaluate the effectiveness of existing security measures.

● Develop and execute simulated cyber attacks to assess the organization's readiness to defend against real-world threats.

● Employ various attack methodologies to test the resilience of systems against hacking attempts and security breaches.

● Perform threat modeling to anticipate potential attack vectors.

● Analyze risks associated with identified vulnerabilities and recommend appropriate mitigation strategies.

● Develop custom tools and scripts to automate penetration testing and exploit known vulnerabilities.

● Keep up-to-date with the latest exploitation techniques and security tools.

● Prepare detailed reports on findings from penetration tests and security assessments.

● Document and present risks and vulnerabilities to relevant stakeholders, along with recommended countermeasures.

● Collaborate with the Blue Team to enhance the organization's defensive strategies based on offensive findings.

● Share insights and knowledge on emerging threats and attack techniques with the cybersecurity team to continually improve defensive measures.

Job Qualifications

● Bachelors or Masters Degree in Computer Engineering, Computer Science or related field.

● At least 10 years of experience in penetration testing and vulnerability assessments or related roles.

● Strong knowledge of network and application security, ethical hacking, and cybersecurity principles.

● Familiarity with penetration testing tools (e.g., Metasploit, Burp Suite, Kali Linux).

● Excellent problem-solving skills and ability to think like an adversary.

● Good communication skills for effective reporting and stakeholder engagement.

● Rapid learning capability and able to work under pressure.

● Good command in written and spoken Thai and English language.

● Ability to present technical solutions with stakeholders in an easy way.

● Knowledge of International Security frameworks, Standards, and Guidelines e.g., NIST-800-53, PCI-DSS, OWASP, and etc.

● Professional Certificated related to work e.g. (CISSP, OSCP, OSWE) is desirable

About Agoda

Agoda is an online travel booking platform for accommodations, flights, and more. We build and deploy cutting-edge technology that connects travelers with a global network of 4.7M hotels and holiday properties worldwide, plus flights, activities, and more. Based in Asia and part of Booking Holdings, our 7,100+ employees representing 95+ nationalities in 27 markets foster a work environment rich in diversity, creativity, and collaboration. We innovate through a culture of experimentation and ownership, enhancing the ability for our customers to experience the world.

Our Purpose - Bridging the World Through Travel

We believe travel allows people to enjoy, learn and experience more of the amazing world we live in. It brings individuals and cultures closer together, fostering empathy, understanding and happiness.

We are a skillful, driven and diverse team from across the globe, united by a passion to make an impact. Harnessing our innovative technologies and strong partnerships, we aim to make travel easy and rewarding for everyone.

Get to Know our Team:

The Security Department oversees security, compliance, GRC, and security operations for all Agoda. We are vigilant in ensuring there is no breach or vulnerability threatening our company or endangering our employees in order to keep Agoda safe and protected. This would be a great challenge for those who want to work with the best technology in a dynamic and advanced environment.

This role is a 11-month contract based in Bangkok, Thailand and the succeeded candidate will be assigned to the project.

The Opportunity:

You will be working with a diverse group of expert security professionals from different parts of the world, pooling in years of experience in securing software products and corporate environments.

In this Role, you'll get to:

• Help triage and track security findings, and collaborate with various teams to ensure timely remediation.
• Participate in code reviews, vulnerability assessments, and penetration testing under the guidance of senior analysts.
• Research and analyze the impact of security issues and help design strategies to minimize risk.
• Get hands-on experience with industry-standard security tools and platforms.
• Work with the team to understand how security integrates into CI/CD pipelines and modern cloud environments.

What you'll need to succeed:

• Bachelor's degree in IT or related fields
• Fresh graduates are welcome to apply. Preferably less than two years of experience.
• Familiar with basic programming
• Security and risk mindset
• Good English communication skill
• Ready to learn fast

It's Great if you have:

• Practical knowledge or experience in performing security assessments and vulnerability management
• Built some back-end applications and services.
• Familiarity with OWASP Top 10 and other security frameworks

Equal Opportunity Employer

At Agoda, we pride ourselves on being a company represented by people of all different backgrounds and orientations. We prioritize attracting diverse talent and cultivating an inclusive environment that encourages collaboration and innovation. Employment at Agoda is based solely on a person's merit and qualifications. We are committed to providing equal employment opportunity regardless of gender, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics.

We will keep your application on file so that we can consider you for future vacancies and you can always ask to have your details removed from the file. For more details please read our privacy policy.

Disclaimer

We do not accept any terms or conditions, nor do we recognize any agency's representation of a candidate, from unsolicited third-party or agency submissions. If we receive unsolicited or speculative CVs, we reserve the right to contact and hire the candidate directly without any obligation to pay a recruitment fee.

Job description

1. Security requirements (standards / patterns):

2. Support in surfacing recommended refinements to program-level security requirements as part of lower-level squad designs, and by incorporating enterprise standards, regulatory standards, program design principles & standards, and industry best practices.

3. Security assessments:

4. Support program (overall & squad-level) security assessments (e.g., Threat Modelling) to identify critical assets, potential security threats and vulnerabilities within the application and its infrastructure.

5. Security Controls Architecture design:

6. Support development of program's security controls architectures, focusing on requirements gathering, researching & analyzing appropriate controls, that encompasses network security, application security, data protection, and identity and access management. Establish security patterns to be adopted by the program

7. Security squad-level support:

8. Support squads in analyzing & recommending application of program-wide security controls and policies, including identifying specific security threat, analyzing solutions, & helping to ensure squad-level designs appropriately incorporate security requirements

9. Document security findings, recommendations, and remediation plans.

Skills / experience required

• Understanding of Security Principles: Strong foundation in the principles of security, including identity & access management, data security, cryptography, code security, infrastructure protection, etc.
• Experience with banking security architecture for major retail digital banking platforms and addressing the emerging threat landscape with suitable controls.
• Basic understanding & experience with Security Frameworks and Standards: Familiarity with security frameworks and standards such as NIST, ISO 27001, OWASP, and knowledge of banking regulations affecting application security.
• Knowledge of Network and Infrastructure Security: Understanding of network protocols, firewalls, VPNs, and other security measures that protect application infrastructure.
• Strong collaboration and communication skills given need for close working relationships with cross-functional squads

If you require more information, please contact K.Kamonporn Taisub Tel

Working Location :

1. Bangkok Bank Rama 3

2. Bangkok Bank Silom

Job descriptions:

• Capable of demonstrating Proof of Concept (POC) for proposed solutions to illustrate their feasibility and effectiveness.
• Analysis of phishing emails reported by internal end users.
• Escalation of incidents to be handled to L2 SOC team, when relevant.
• Follow up on remediation activities
• Triage on general information security tickets

Qualifications:

• Bachelor's degree or higher in Computer Engineering, Computer Science, IT, or related fields
• At least 1-2 years of Experience in Security Analyst (SOC) Tier 1.
• Basic knowledge and/or experience with common security tools such as anti-virus, intrusion detection and firewalls are required
• Knowledge of CSOC processes, SIEM (Splunk), EDR, SOAR, UEBA.
• Passion for Cyber Security and learning
• Well-developed logical thinking capabilities, in order to be able to investigate cases.
• Having a Security+ certification (CompTIA Sec+) will be considered a plus.

Key Responsibilities

• Gather and analyze business and technical requirements to design and improve IAM processes.
• Manage user account lifecycle, including onboarding, offboarding, RBAC, and access governance.
• Translate business needs into effective IAM solutions and system designs.
• Collaborate with cross-functional teams to define functional requirements and deliver IAM initiatives.
• Support IAM tools, including identity provisioning, governance, and PAM solutions.
• Lead and contribute to IAM-related projects, ensuring successful delivery and compliance with security policies.
• Identify risks, gaps, and issues, providing effective solutions and recommendations.
• Monitor service performance, support incident/problem management, and participate in on-call rotations.
• Ensure audit readiness and maintain required IAM documentation.
• Drive improvements in IAM governance, lifecycle workflows, and key management controls.
• Promote secure access control practices across the organization.

Skills & Prerequisites

• A positive, proactive mindset with strong empathy and team collaboration skills.
• Bachelor's or Master's degree in Computer Engineering, Information Security, MIS, or a related field.
• Minimum of 3 years of experience in cybersecurity or IAM domains.
• Solid foundation in information security principles and best practices.
• Knowledge of international security frameworks and standards, such as COBIT, NIST 800 series, ISO/IEC 27001, PCI-DSS, and OWASP.
• Familiarity with end-to-end security architecture including network, platform, and application layers.
• Experience with application/system security controls, IAM risk assessments, and access governance.
• Strong skills in technical writing, documentation, process mapping, and visual communication.
• Ability to develop and execute a clear vision for IAM and security solutions.

Role Purpose:

·    One or two sentences summarize why the role exists, the unique contribution it makes to the organization.

·    This role will liaise with application owners and system owners in gathering the requirements to assist the implementation and ongoing maintenance of the Role Based Access Controls (RBAC) project following the regional framework.

·    Follow up any cyber security non-compliance issues, ISO 27001 standard implementation and lead security awareness program.

Organization Context:

·    Brief description of how the role fits into the big picture (e.g., how it relates to activities in other divisions, other countries, regional office, etc.) and/or special characteristics of the business environment that help in understanding the role's contribution to the organization.

·    An experienced candidate in Role-based Access Control (RBAC) knowledge would be expected to help increase cybersecurity in the Identity and Access Management (IAM) area.

·    The candidate will also coordinate with related parties e.g., business user, regional, and internal IT to improve company cybersecurity posture and compliance.

Key Accountabilities:

·    Liaise with business application owners and system owners to implement Role Based Access Control (RBAC) project.

·    Analyze the identity life cycle, articulate access requirements and defining identity & role-based access for applications.

·    Follow documented framework, methods, and practices to deliver effective and efficient project and support ISO 27001.

·    Follow up cybersecurity non-compliance issues.

·    Prepare quality project status report and materials needed to facilitate critical decisions by the management.

Performance measures:

·    Success of RBAC project deliverables for applications withing defined timeline.

·    Able to follow up and close cybersecurity non-compliance issues.

·    Performance and status reports provide management with accuracy and in a timely manner.

·    Lead security awareness training program.

Qualifications and Experience:

·    Bachelor's or master's degree in IT, Cybersecurity, MIS, or other related fields.

· years experience in Cybersecurity and Identity and Access Management or other related fields in insurance, banking business, consulting, or other services industry.

·    Experience in Identity and Access Management (IAM) and Role Based Access Control (RBAC) is preferable.

·    Experience in ISO 27001 standard implementation

·    Experience in cybersecurity awareness training program

Key Attributes:

·    Logical thinking structured and disciplined.

·    Experience in project management

·    Good in Microsoft Products: MS Office, MS Project, MS Visio, etc.

·    Self-Development, Communication, Interpersonal and Problem-Solving Skills.

·    Ability to work under complex conditions and time constraint.

·    Good communication in English is a plus.

We are looking for Cyber Security Analyst to perform real-time monitoring security alert and investigate security incidents base on the guidance, playbooks and procedures for our large enterprise customers

What we want?

• Validates, classifies, priorities and opens ticket.
• Acting as focal contact point for report security incidents.
• Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
• Provide daily summary reports of security incidents.
• Responds to security alerts generate within the SLA time window.
• Follow-up and tracking security incidents base on team process.
• Examine network topologies to understand data flows through the network.
• Validate security incidents alerts against network traffic using packet analysis tools.
• Isolate or remove malware.
• Identify applications and operating systems of a network device based on network traffic.
• Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
• Notify cybersecurity service provider team members of suspected cyber incidents, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
• Work with stakeholders to resolve computer security incidents and vulnerability compliance.

Who are we looking for?

• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Analytical and problem-solving skills are required.
• Knowledge of network traffic analysis methods.
• Knowledge of cyber defense and information security policies, procedures, and regulations.
• Experience in IT Security, Network Security or Security Compliance.
• Knowledge of common security tools such as anti-virus, firewall and intrusion detection system.
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  
  Able to work in shift.

Job Highlight

• IT Solutions & Services
• Work with Passion, Professional and Teamwork
• Work in Shift

We are looking for a highly proficient Cyber Security Consultant who has the professional knowledge and skill to drive and enhance our security solutions in any field at MFEC Cyber Security Operation Center (CSOC) for our large enterprise customers.

What we want?

• To find the most efficient way to create and to manage every cyber security solution for multiple clients.
• To propose improvement to infrastructure and security systems and may present them to customer's upper management.
• Plan and carry out a customer's information security strategy to be the healthy security architectures for any IT project.
• To implement security system and ensure compliance with corporate cyber security policies and procedures.
• To provide professional supervision and guidance to security teams.
• Works with other business units, partners, and customers to maintain secure methods of security management.
• Work in Shift

Who are we looking for?

• 1-3 Years or experience in Cyber Security field
• Great awareness of Cyber Security trends and new technology update.
• Strong knowledge and experience with various IT security such as Incident Handler, Forensic Examiner, Forensic Analyst is a plus.
• Excellent knowledge in Security Product (Firewall/VPN, IPS/IDS), Security Platform, Endpoint Solution, and Network Security solution.
• Excellent problem solving and analytical skill, planning and organizing skill and customer oriented
• Proficiency in English both written and spoken
• Security Profession Certification is a plus.
• Knowledge in AI and the ability to use AI-related tools and technologies

MFEC OKR:- As MFEC People, you will be a part of our talent team. Besides your main responsibilities, you do have special projects as part of OKR. However, the percentages will be different according to the positions and teams.

About TrueMoney

TrueMoney is a leading international fintech brand providing innovative payment and financial services across seven countries in Southeast Asia. With its user-friendly digital platform, extensive agent network, and comprehensive offline and online services, TrueMoney empowers millions of users to make easy, secure payments and enjoy a more convenient financial lifestyle.

Since its establishment, TrueMoney has grown to become the most popular digital financial application in the region, playing a central role in expanding access to financial services and improving quality of life for individuals and MSME communities.

TrueMoney is part of Ascend Money, a regional digital financial services company founded in 2013, which reached a major milestone by becoming Thailand's first fintech unicorn in 2021.

Key Responsibilities

• Participate in gathering and analyzing business and technical requirements to develop enterprise-wide Identity and Access Management (IAM) processes and procedures.
• Demonstrate a solid understanding of risk and change management, security policies and controls, user account lifecycle management, onboarding/offboarding, role-based access control (RBAC), access governance, and directory services.
• Translate business requirements into specific system, application, or process designs.
• Collaborate with cross-functional teams, including business units and technical stakeholders, to identify and define functional requirements, and contribute to or lead the design of IAM solutions.
• Engage in a broad range of IAM design activities from requirements analysis to implementation.
• Apply your knowledge of various IAM products and domains, with the ability to quickly adapt to new tools and technologies through self-learning or formal training.
• Provide support for identity provisioning, governance platforms, and privileged access management (PAM) tools.
• Lead and contribute to IAM-related projects to ensure successful delivery of objectives.
• Identify and communicate high-level functional gaps, risks, and potential issues, and propose effective solutions.
• Monitor service delivery against SLAs and escalate exceptions as needed.
• Perform IAM-related risk assessments and consult on project implementations to ensure alignment with RBAC frameworks and internal security policies.
• Drive improvements in RBAC processes, governance policies, and IAM lifecycle workflows.
• Lead or contribute to incident and problem management efforts, ensuring root cause analysis and future incident mitigation.
• Participate in on-call production support rotations and work with vendors to resolve technical issues.
• Influence the IAM strategy by making informed decisions on complex technical challenges.
• Support internal and external audit readiness by preparing and organizing required audit documentation.
• Design and implement key management controls to ensure encryption key security throughout the lifecycle.
• Conduct physical access control reviews and physical security assessments for restricted areas.
• Promote and extend secure access control practices across the organization and its affiliates.

Essential Skills & Prerequisites

• A positive, proactive mindset with strong empathy and team collaboration skills.
• Bachelor's or Master's degree in Computer Engineering, Information Security, MIS, or a related field.
• Minimum of 3 years of experience in cybersecurity or IAM domains.
• Solid foundation in information security principles and best practices.
• Knowledge of international security frameworks and standards, such as COBIT, NIST 800 series, ISO/IEC 27001, PCI-DSS, and OWASP.
• Familiarity with end-to-end security architecture including network, platform, and application layers.
• Experience with application/system security controls, IAM risk assessments, and access governance.
• Strong skills in technical writing, documentation, process mapping, and visual communication.
• Ability to develop and execute a clear vision for IAM and security solutions.