Job Description

What We Do

Coda delivers commerce solutions that accelerate global growth for our partners. With over a decade of experience, we're trusted by 300+ publishers--including Activision, Bigo, Electronic Arts, Moonton, and Riot Games--to grow their revenue and audiences worldwide.

Our suite of solutions includes Custom Commerce, a fully customizable web store; Codapay, enabling seamless direct payments through API integration on publishers' websites; Codashop, the go-to marketplace for millions of gamers to purchase in-game content; and Distribution, extending Codashop content through our network of trusted commerce partners.

Headquartered in Singapore with a team of 400+ Codans, Coda has been recognized as an industry leader, named an APAC High Growth Company (2023) by Financial Times, one of Granite Asia's NextGenTech 30 (2024), a payments leader on Fortune's Fintech Innovation Asia list (2024), and listed among The Straits Times Fastest Growing Fintechs (2024).

For more on how Coda helps publishers grow faster and smarter, visit coda.co.

Security and Compliance at Coda

Join the ranks of Coda's Security and Compliance team, where the mission is to bolster digital safeguards. We do this by leveraging a variety of security tools to consistently detect, monitor, and neutralize emerging cyber threats, ensuring the protection measures remain invincible. Additionally, our technology governance unit maintains the esteemed status and guarantees adherence to compliance standards amid constantly evolving rules and regulations.

As a guardian of Coda's realm, our corporate IT team oversees all company-wide platforms. These include email, file storage, and different collaboration tools. And that's not all - we also administer a comprehensive suite of service management tasks, from asset, operations, and request workflows to data-driven metrics and dashboards, as well as building up the corporate infrastructure that integrates systems together.

We are looking for an independent, passionate, and persuasive

Security Specialist

to join our Security Engineering team.

You will play a crucial role in driving vulnerability remediation and securing applications from the outset, utilising cutting-edge solutions to effectively prevent attacks and safeguard the business.

Responsibilities

Work closely with the engineering team on all security initiatives, ensuring that products are built securely by default and that audits and remediation efforts are managed to ensure smooth and timely resolution Be flexible, resourceful in problem-solving, and willing to take on new challenges as the business evolves Conduct comprehensive risk assessments and vulnerability analyses to identify potential threats and security gaps in existing and new systems/architectures Implement and manage static and dynamic code analysis tools in the CI/CD pipelines Perform security reviews of the source code and advise developers on the remediation Conduct system vulnerability scanning to identify infrastructure vulnerabilities in networks, systems, middleware and databases Conduct vulnerability risk assessments to evaluate the likelihood and potential impacts of each identified vulnerability. Manage the remediation lifecycle with a risk-based approach to ensure that all vulnerabilities are remediated in accordance with accepted industry standards. Manage the end-to-end process of handling externally reported vulnerabilities or bug bounty reports

Requirements

Total experience of 5-7 years in the area of cybersecurity At least 3 years of experience in the area of vulnerability management At least 3 years of experience in the area of software development and scripting (Java, Node.js, Python) Solid foundations in networking, operating systems, and applications Serve as a self-starter, diligently tracking progress and communicating status updates without prompting Ability to ask the right questions to understand the parameters of any project they're working on or want to undertake Ability to communicate effectively with both technical and non-technical stakeholders Ability to work independently, take ownership of tasks, and drive them to completion Ability to acquire new skills and knowledge independently

Nice to Have

Experience in the area of bug bounty, penetration testing and vulnerability assessment is a plus Knowledge of cloud security is a plus Knowledge of container security is a plus Knowledge of DevSecOps and security tools in CI/CD is a plus OSCP, OSWE, AWS Certified Security - Specialty, Google Professional Cloud Security Engineer, Microsoft Certified: Azure Security Engineer Associate, GPEN, and/or CREST certification is a plus Experience with a tech or financial services company is a plus

Working at Coda

With Codans spread across over 20 countries worldwide, our fast-paced, challenging, and highly collaborative environment breaks down time zones and cultural barriers, empowering you to chase innovative ideas, contribute to Coda's growth, and make a lasting impact.

If you have a passion for pushing boundaries and thrive on continuous improvement through experimentation, we would love to hear from you!

Our Perks

Wellness Boost:

Stay healthy with resources for physical and mental well-being with our flexible benefits and Employee Well-being Program - because you matter!

Customized Benefits

: Tailor your benefits with our flexible plan.

Growth Opportunities

: Unlock your potential through clear progression paths.

Skill Development

: Access training resources to fuel your personal and professional growth.

Volunteer Time Off:

Enjoy paid time off to make a difference in the world through volunteering.

Family Support:

Take advantage of paid Family Care Leave to bond with your family, while our selected Flexible Benefits also cater to your family's needs. Benefits are reviewed and updated on a yearly basis
We are proud to be an equal opportunity employer, embracing the unique qualities of every individual, regardless of gender, race, age, religion, disability, or other local protected classes. Our goal is to foster an inclusive environment where everyone feels welcome and valued.

Due to the large number of exceptional applications we receive, we can only reach out to shortlisted candidates. If you don't hear from us, rest assured there may be another opportunity at Coda that aligns better with your unique abilities. Remember to check our Careers Page for more exciting job openings!