About LINE Pay
LINE Pay is an integrated online and offline payment platform under LINE MAN Wongnai and LINE Thailand, following the acquisition in August 2023. LINE Pay offers seamless payment services, including an easy and secure digital wallet, and quick on-the-go payment options for purchases, money transfers, or top-ups. LINE Pay services can be utilized within public transportation, for purchasing goods and services from partner brands, as well as for various utility bill payments.
What you'll do:
Security Assurance: Implement and maintain robust security practices across the software development lifecycle to ensure the security and quality of a wide range of services and products
Security Assessments: Conduct regular security assessments, including code inspections, design reviews, threat modeling, and penetration testing, particularly for mobile and web applications, on both new and existing products to identify potential vulnerabilities and security weaknesses
Secure Design & Development: Collaborate with engineering teams to enforce secure design principles and ensure compliance with security policies, standards, and guidelines for web and mobile applications
Consulting & Advisory: Provide security expertise and guidance to engineering and business teams, assisting in the implementation and enforcement of secure design principles and best practices aligned with industry standards
Security Tools & Research: Research, evaluate, and support the implementation of security tools and technologies that enhance the organization's security posture
Vulnerability Management: Work closely with software engineers to analyze identified security vulnerabilities, provide recommendations for remediation, and track issues through to resolution
Incident Response: Assist in the investigation and response to security incidents related to application security, ensuring timely and effective resolution of security threats
What you need to succeed in this role:
Experience: A minimum of 5 years of experience in application-level vulnerability testing, penetration testing, or building and implementing software security controls. Experience in performing mobile and web penetration tests, particularly in the financial industry under Bank of Thailand (BOT) regulations, is highly desirable
Technical Expertise: In-depth knowledge of software development, security engineering, computer and network security, cloud security, authentication mechanisms, security protocols, and applied cryptography
Vulnerability Identification: Proven experience in identifying and remediating common web and mobile application vulnerabilities, including those listed in OWASP Top 10 and Mobile Top 10
Tool Proficiency: Proficient in using various commercial and open-source penetration testing tools, with familiarity in static and dynamic analysis tools
Development Skills: Solid understanding of software development principles and experience with one or more programming languages (such as Java, C++, Ruby, Python, Perl, Go) and development frameworks (Spring Framework, Swift, Kotlin, React Native, ReactJS, VueJS) for secure code review.
It would be great if you have:
Cloud & Infrastructure Knowledge: Understanding of modern IT infrastructure, including cloud environments (AWS preferred), Linux containers, and orchestration systems (Kubernetes).
Cryptography & Architecture: Strong understanding of cryptography, web service frameworks, mobile application architectures, and service-oriented architectures.
Certifications:
Must-Have: At least one of the following certifications: OSCP, OSWP, OSCE, OSEE, or OSWE.
Nice-to-Have: Additional certifications such as CISSP, CSSLP, CISM, CEH, GPEN, or equivalent.
Problem-Solver: Strong analytical and problem-solving skills with a keen eye for detail.
Team Player: Ability to work collaboratively in a fast-paced, dynamic environment.
Communication: Excellent communication skills, capable of conveying complex security concepts to both technical and non-technical stakeholders.
Continuous Learner: A passion for continuous learning and staying updated on the latest trends and advancements in application security.