Application Security Specialist

What We Do
Coda delivers commerce solutions that accelerate global growth for our partners. With over a decade of experience, we’re trusted by 300+ publishers—including Activision, Bigo, Electronic Arts, Moonton, and Riot Games—to grow their revenue and audiences worldwide.
Our suite of solutions includes Custom Commerce, a fully customizable web store; Codapay, enabling seamless direct payments through API integration on publishers’ websites; Codashop, the go-to marketplace for millions of gamers to purchase in-game content; and Distribution, extending Codashop content through our network of trusted commerce partners.
Headquartered in Singapore with a team of 400+ Codans, Coda has been recognized as an industry leader, named an APAC High Growth Company (2023) by Financial Times, one of Granite Asia’s NextGenTech 30 (2024), a payments leader on Fortune’s Fintech Innovation Asia list (2024), and listed among The Straits Times Fastest Growing Fintechs (2024).
For more on how Coda helps publishers grow faster and smarter, visit coda.co.

• Conduct system vulnerability scanning to identify infrastructure vulnerabilities in networks, systems, middleware and databases.
• Able to execute manual penetration testing and techniques to concentrate on business logic flaws and weaknesses exploitable by automated tools and scripts. 
• Design the secure software development lifecycle to define the security requirements, control gates and go-live criteria.
• Develop threat modelling to perform a systematic analysis of weak areas or gaps from an attacker's perspective. 
• Review and integrate security principles into the application design and concepts at the requirement gathering and design review stage.
• Define the operational processes for static and dynamic code analysis tools by integration into the CI/CD pipelines. 
• Perform security review of source code and advise the developers in the area of input validation, authentication management, session management, access control, cryptography, error handling, secure file management, memory management and data protection.
• Perform vulnerability risk assessments to evaluate the likelihood and impacts of each vulnerability identified. 
• Conduct manual verifications of vulnerabilities to reduce false positives and enhance the remediation efforts by shortening the remediation time frames.
• Manage the remediation lifecycle with a risk-based approach to ensure all vulnerabilities are remediated according to acceptable industry standards.
• Manage the end-to-end process of handling externally reported vulnerabilities.

Requirements

• Total experience of 5-7 years in cyber security.
• At least 3 years of experience in the areas of bug bounty, penetration testing and vulnerability assessment
• At least 2 years of experience in the area of vulnerability management
• At least 2 years of experience in the area of software development and scripting is a plus
• Familiarity with security tools such as Burp Suite, Wireshark, Tenable, NMap, SQLMap, Kali Linux
• Knowledge of programming and scripting languages and reviewing source code is a plus
• Knowledge of cloud security is a plus
• Knowledge of container security is a plus 
• Knowledge of DevSecOps and security tools in CI/CD is a plus
• OSCP, OSWE, AWS Certified Security - Specialty, Google Professional Cloud Security Engineer, Microsoft Certified: Azure Security Engineer Associate, GPEN, and/or CREST certification is a plus
• Experience with a tech or financial services company is a plus

Working at Coda
With Codans spread across over 20 countries worldwide, our fast-paced, challenging, and highly collaborative environment breaks down time zones and cultural barriers, empowering you to chase innovative ideas, contribute to Coda’s growth, and make a lasting impact.
If you have a passion for pushing boundaries and thrive on continuous improvement through experimentation, we would love to hear from you!
Our Perks*
Wellness Boost: Stay healthy with resources for physical and mental well-being with our flexible benefits and Employee Well-being Program - because you matter!
Customized Benefits: Tailor your benefits with our flexible plan.
Growth Opportunities: Unlock your potential through clear progression paths.
Skill Development: Access training resources to fuel your personal and professional growth.
Volunteer Time Off: Enjoy paid time off to make a difference in the world through volunteering.
Family Support: Take advantage of paid Family Care Leave to bond with your family, while our selected Flexible Benefits also cater to your family's needs.
*Benefits are reviewed and updated on a yearly basis
We are proud to be an equal opportunity employer, embracing the unique qualities of every individual, regardless of gender, race, age, religion, disability, or other local protected classes. Our goal is to foster an inclusive environment where everyone feels welcome and valued.
Due to the large number of exceptional applications we receive, we can only reach out to shortlisted candidates. If you don't hear from us, rest assured there may be another opportunity at Coda that aligns better with your unique abilities. Remember to check our Careers Page for more exciting job openings!