Security Specialist

What We DoCoda delivers commerce solutions that accelerate global growth for our partners. With over a decade of experience, we’re trusted by 300+ publishers—including Activision, Bigo, Electronic Arts, Moonton, and Riot Games—to grow their revenue and audiences worldwide.Our suite of solutions includes Custom Commerce, a fully customizable web store; Codapay, enabling seamless direct payments through API integration on publishers’ websites; Codashop, the go-to marketplace for millions of gamers to purchase in-game content; and Distribution, extending Codashop content through our network of trusted commerce partners.Headquartered in Singapore with a team of 400+ Codans, Coda has been recognized as an industry leader, named an APAC High Growth Company (2023) by Financial Times, one of Granite Asia’s NextGenTech 30 (2024), a payments leader on Fortune’s Fintech Innovation Asia list (2024), and listed among The Straits Times Fastest Growing Fintechs (2024).For more on how Coda helps publishers grow faster and smarter, visit coda.co.Security and Compliance at CodaJoin the ranks of Coda's Security and Compliance team, where the mission is to bolster digital safeguards. We do this by leveraging a variety of security tools to consistently detect, monitor, and neutralize emerging cyber threats, ensuring the protection measures remain invincible. Additionally, our technology governance unit maintains the esteemed status and guarantees adherence to compliance standards amid constantly evolving rules and regulations.As a guardian of Coda's realm, our corporate IT team oversees all company-wide platforms. These include email, file storage, and different collaboration tools.  And that's not all - we also administer a comprehensive suite of service management tasks, from asset, operations, and request workflows to data-driven metrics and dashboards, as well as building up the corporate infrastructure that integrates systems together.We are looking for an independent, passionate, and persuasive Security Specialist to join our Security Engineering team. You will play a crucial role in driving vulnerability remediation and securing applications from the outset, utilising cutting-edge solutions to effectively prevent attacks and safeguard the business.ResponsibilitiesWork closely with the engineering team on all security initiatives, ensuring that products are built securely by default and that audits and remediation efforts are managed to ensure smooth and timely resolutionBe flexible, resourceful in problem-solving, and willing to take on new challenges as the business evolvesConduct comprehensive risk assessments and vulnerability analyses to identify potential threats and security gaps in existing and new systems/architecturesImplement and manage static and dynamic code analysis tools in the CI/CD pipelinesPerform security reviews of the source code and advise developers on the remediationConduct system vulnerability scanning to identify infrastructure vulnerabilities in networks, systems, middleware and databasesConduct vulnerability risk assessments to evaluate the likelihood and potential impacts of each identified vulnerability. Manage the remediation lifecycle with a risk-based approach to ensure that all vulnerabilities are remediated in accordance with accepted industry standardsManage the end-to-end process of handling externally reported vulnerabilities or bug bounty reportsRequirementsTotal experience of 5-7 years in the area of cybersecurityAt least 3 years of experience in the area of vulnerability managementAt least 3 years of experience in the area of software development and scripting (Java, Node.js, Python)Solid foundations in networking, operating systems, and applicationsServe as a self-starter, diligently tracking progress and communicating status updates without promptingAbility to ask the right questions to understand the parameters of any project they're working on or want to undertakeAbility to communicate effectively with both technical and non-technical stakeholdersAbility to work independently, take ownership of tasks, and drive them to completionAbility to acquire new skills and knowledge independentlyNice to HaveExperience in the area of bug bounty, penetration testing and vulnerability assessment is a plusKnowledge of cloud security is a plusKnowledge of container security is a plusKnowledge of DevSecOps and security tools in CI/CD is a plusOSCP, OSWE, AWS Certified Security - Specialty, Google Professional Cloud Security Engineer, Microsoft Certified: Azure Security Engineer Associate, GPEN, and/or CREST certification is a plusExperience with a tech or financial services company is a plusWorking at CodaWith Codans spread across over 20 countries worldwide, our fast-paced, challenging, and highly collaborative environment breaks down time zones and cultural barriers, empowering you to chase innovative ideas, contribute to Coda’s growth, and make a lasting impact.If you have a passion for pushing boundaries and thrive on continuous improvement through experimentation, we would love to hear from you!Our Perks*Wellness Boost: Stay healthy with resources for physical and mental well-being with our flexible benefits and Employee Well-being Program - because you matter!Customized Benefits: Tailor your benefits with our flexible plan.Growth Opportunities: Unlock your potential through clear progression paths.Skill Development: Access training resources to fuel your personal and professional growth.Volunteer Time Off: Enjoy paid time off to make a difference in the world through volunteering.Family Support: Take advantage of paid Family Care Leave to bond with your family, while our selected Flexible Benefits also cater to your family's needs.Benefits are reviewed and updated on a yearly basisWe are proud to be an equal opportunity employer, embracing the unique qualities of every individual, regardless of gender, race, age, religion, disability, or other local protected classes. Our goal is to foster an inclusive environment where everyone feels welcome and valued.Due to the large number of exceptional applications we receive, we can only reach out to shortlisted candidates. If you don't hear from us, rest assured there may be another opportunity at Coda that aligns better with your unique abilities. Remember to check our Careers Page for more exciting job openings!