Security Specialist
Coda
Bangkok, Thailand
Posted on Oct 9, 2025
Why Coda
Coda is a global growth engine for commerce. We bring together powerful capabilities that connect people, digital products, and payments through our suite of trusted digital monetization and distribution solutions.
We recently acquired Recharge, Europe’s leading prepaid payments and digital gift card business, bringing both companies together into one organisation with broader reach, deeper capabilities across B2B and B2C commerce and a stronger global footprint.
Today, we stand as a team of more than 600 people, representing 57 nationalities across 23 locations. We are headquartered in Singapore with offices in Amsterdam, Dubai, Shanghai and other hubs across Southeast Asia.
Our B2B business works with publishers and brands to support growth across markets. We run Codapay for local payment acceptance and Custom Commerce for direct-to-consumer webstores. We manage catalogue, prepaid and distribution services that extend reach globally, and we operate Giftcloud’s rewards and incentives capabilities. We take on the operational complexity around payments, tax and compliance so partners can scale with clarity and focus.
On the consumer side, we operate a portfolio of trusted storefronts including Codashop, Recharge.com , Startselect.com , mobiletopup.co.uk and other local sites that give customers secure and easy access to digital credit, game vouchers, gift cards and prepaid products.
Our people are at the heart of what we do. Coda’s culture is centered on respect, clarity, ownership, and collaboration. We work hard and play hard together.
If you’re looking for growth and impact in a fast-paced global team, Coda is the place for you.
We are looking for an independent, passionate, and persuasive Security Specialist to join our Security Engineering team.
You will play a crucial role in driving vulnerability remediation and securing applications from the outset, utilising cutting-edge solutions to effectively prevent attacks and safeguard the business.
Responsibilities
- Work closely with the engineering team on all security initiatives, ensuring that products are built securely by default and that audits and remediation efforts are managed to ensure smooth and timely resolution
- Be flexible, resourceful in problem-solving, and willing to take on new challenges as the business evolves
- Conduct comprehensive risk assessments and vulnerability analyses to identify potential threats and security gaps in existing and new systems/architectures
- Implement and manage static and dynamic code analysis tools in the CI/CD pipelines
- Perform security reviews of the source code and advise developers on the remediation
- Conduct system vulnerability scanning to identify infrastructure vulnerabilities in networks, systems, middleware and databases
- Conduct vulnerability risk assessments to evaluate the likelihood and potential impacts of each identified vulnerability.
- Manage the remediation lifecycle with a risk-based approach to ensure that all vulnerabilities are remediated in accordance with accepted industry standards.
- Manage the end-to-end process of handling externally reported vulnerabilities or bug bounty reports
Requirements
- Total experience of 5-7 years in the area of cybersecurity
- At least 3 years of experience in the area of vulnerability management
- At least 3 years of experience in the area of software development and scripting (Java, Node.js, Python)
- Solid foundations in networking, operating systems, and applications
- Serve as a self-starter, diligently tracking progress and communicating status updates without prompting
- Ability to ask the right questions to understand the parameters of any project they're working on or want to undertake
- Ability to communicate effectively with both technical and non-technical stakeholders
- Ability to work independently, take ownership of tasks, and drive them to completion
- Ability to acquire new skills and knowledge independently
Nice to Have
- Experience in the area of bug bounty, penetration testing and vulnerability assessment is a plus
- Knowledge of cloud security is a plus
- Knowledge of container security is a plus
- Knowledge of DevSecOps and security tools in CI/CD is a plus
- OSCP, OSWE, AWS Certified Security - Specialty, Google Professional Cloud Security Engineer, Microsoft Certified: Azure Security Engineer Associate, GPEN, and/or CREST certification is a plus
- Experience with a tech or financial services company is a plus
We are proud to be an equal opportunity employer, embracing the unique qualities of every individual, regardless of gender, race, age, religion, disability, or other local protected classes. Our goal is to foster an inclusive environment where everyone feels welcome and valued.
Due to the large number of exceptional applications we receive, we can only reach out to shortlisted candidates. If you don't hear from us, rest assured there may be another opportunity at Coda that aligns better with your unique abilities. Remember to check our Careers Page for more exciting job openings!