About LINE MAN Wongnai
LINE MAN Wongnai is Thailands Leading On-Demand Delivery and Lifestyle e-Commerce platform services. We build technology to help Thai people live better, to empower all local businesses by creating an end-to-end food ecosystem through our channel LINE MAN and Wongnai. Connected consumers, riders, and local businesses and improved the daily life of all parties with restaurants nationwide. And because we are local, we provide the deepest variety and services that are tailor-made for Thai people
.
We are looking for an experienced security professional to drive application security across the organization by implementing and maintaining strong security practices, conducting regular assessments, and ensuring secure design and development of web and mobile applications. Working in a fast-paced environment, you will bring your expertise and skills to tackle the challenges that impact millions of people on our journey to become the No.1 food platform in Thaila
nd.
What you&aposl
- l do:
Security Assurance: Implement and maintain robust security practices across the software development lifecycle to ensure the security and quality of a wide range of services and pro - ducts.Security Assessments: Conduct regular security assessments, including code inspections, design reviews, threat modeling, and penetration testing, particularly for mobile and web applications, on both new and existing products to identify potential vulnerabilities and security weakn
- esses.Secure Design & Development: Collaborate with engineering teams to enforce secure design principles and ensure compliance with security policies, standards, and guidelines for web and mobile applica
- tions.Consulting & Advisory: Provide security expertise and guidance to engineering and business teams, assisting in the implementation and enforcement of secure design principles and best practices aligned with industry stan
- dards.Security Tools & Research: Research, evaluate, and support the implementation of security tools and technologies that enhance the organization&aposs security po
- sture.Vulnerability Management: Work closely with software engineers to analyze identified security vulnerabilities, provide recommendations for remediation, and track issues through to resol
- ution.Incident Response: Assist in the investigation and response to security incidents related to application security, ensuring timely and effective resolution of security th
reats.
What you need to succeed in th
- is role:
Experience: A minimum of 5 years of experience in application-level vulnerability testing, penetration testing, or building and implementing software security controls. Experience in performing mobile and web penetration tests, particularly in the financial industry under Bank of Thailand (BOT) regulations, is highly d - esirable.Technical Expertise: In-depth knowledge of software development, security engineering, computer and network security, cloud security, authentication mechanisms, security protocols, and applied cryp
- tography.Vulnerability Identification: Proven experience in identifying and remediating common web and mobile application vulnerabilities, including those listed in OWASP Top 10 and Mobil
- e Top 10.Tool Proficiency: Proficient in using various commercial and open-source penetration testing tools, with familiarity in static and dynamic analys
- is tools.Development Skills: Solid understanding of software development principles and experience with one or more programming languages (such as Java, C++, Ruby, Python, Perl, Go) and development frameworks (Spring Framework, Swift, Kotlin, React Native, ReactJS, VueJS) for secure cod
e review.
It would be great i
- f you have:
Cloud & Infrastructure Knowledge: Understanding of modern IT infrastructure, including cloud environments (AWS preferred), Linux containers, and orchestration systems ( - Kubernetes).Cryptography & Architecture: Strong understanding of cryptography, web service frameworks, mobile application architectures, and service-oriented ar
- chitectures.Cer
- tifications:Must-Have: At least one of the following certifications: OSCP, OSWP, OSCE, OS
- EE, or OSWE.Nice-to-Have: Additional certifications such as CISSP, CSSLP, CISM, CEH, GPEN, or
- equivalent.Problem-Solver: Strong analytical and problem-solving skills with a keen eye
- for detail.Team Player: Ability to work collaboratively in a fast-paced, dynamic
- environment.Communication: Excellent communication skills, capable of conveying complex security concepts to both technical and non-technical s
- takeholders.Continuous Learner: A passion for continuous learning and staying updated on the latest trends and advancements in applicati
on security.
