Back to your search
Apply Now
Print Report Share View in new tab
22 February 2020
Job ID: BK-191975
Security Engineer - Application / Systems / GRC

Application Security Engineer

The Application Security Engineer will conduct both automated and manual assessments of application/website code to detect vulnerabilities before it ships. In this position, you will also act as a subject matter expert in all things related to application security.

Job Responsibilities:

  • Perform penetration testing on our internal and external applications.
  • Implement automation for finding vulnerabilities in CI/CD process.
  • Improving data security through use of encryption/key management, segregation, or other techniques.
  • Helping engineers design more secure systems via design input and code review.
  • Develop secure coding guidelines.
  • Deliver web application security training to developers.
  • Be a security subject matter expert and respond to any internal security engineering questions/request.
  • Perform reactive incident response when a security event occurs.
  • Perform proactive research to detect new attack vectors


  • Experience as a developer, ideally with PHP, Python, or Node.js.
  • Relevant Certifications [CEH, OSCP, GIAC (GPEN)].
  • 5+ years of work experience in an application security role.
  • Excellent Spoken and Written English.
  • Knowledge of Agile Development processes.
  • Familiar with application security attacks and countermeasures.
  • Familiar with both automated and manual assessment techniques.
  • Comfortable explaining technical vulnerabilities and risks to both technical and non-technical audiences.
  • In-depth experience identifying and protecting against web application vulnerabilities.
  • Experience with various application and infrastructure security tools and products (Burp Suite, Fortify, IBM AppScan, WebInspect, Nmap, Nessus, or OWASP ZAP).
  • Strong knowledge of browser security model, mobile app security, cryptography and network security.
  • Experience with security tools for static analysis, dynamic analysis, penetration testing, intrusion detection.


Systems Security Engineer

The Systems Security Engineer will implement and monitor security measures for the protection of computer systems, networks and data.

Job Responsibilities:

  • Conduct user account audits across various systems.
  • Conduct network vulnerability scans.
  • Document Server hardening guidelines.
  • Perform firewall policy audits
  • Proactively offer, deploy and monitor security solutions where the business dictates.
  • Patching and upgrades of all security systems and services where applicable
  • Perform periodic penetration testing.
  • Conduct Wireless Security Assessments.
  • Investigation of HIDS, SIEM, and other automated alerts.
  • Ensure PCI compliance status of network devices and servers.
  • Assist in annual PCI recertification efforts.


  • Excellent Spoken and Written English.
  • Familiar with security products such as Nessus, OSSEC, Metasploit, nmap, Fail2Ban, Fortigate, OpenVPN, and Wireshark.
  • Excellent understanding of Linux operating systems.
  • Minimum 3 - 5 years of experience in Network and Systems Security.
  • Good Knowledge in Intrusion Detection/Prevention Systems.
  • Good Knowledge of IPSEC VPN tunnels.
  • Good Knowledge in Firewall concepts.
  • Good Knowledge in SIEM.
  • Experience in OS Hardening including Windows and Linux.
  • System Admin/ DevOps background.
  • Docker container configuration and security
  • Professional security management certification: CISSP preferred


GRC Security Engineer

The Governance, Risk, and Compliance Engineer is responsible for the assessing and documenting of the aCommerce’s compliance and risk posture as they relate to the its information assets.  This position is also responsible for oversight and coordination of third-party security assurance, policy documentation, and security awareness training.

Job Responsibilities:

  • Create required Security Policy documents
  • Review security components of legal contracts, Statements of work, and other contractual documents
  • Complete third-party security due diligence questionnaires.
  • Provide New Hire Orientation and deliver periodic Security Awareness Presentations.
  • Assist in annual PCI certification efforts.
  • Coordinate with the Infrastructure teams to audit ID Badges, physical access controls, and CCTV deployments.
  • Improve Security Awareness posters and signage displayed in all offices.
  • Security Software Acquisition/Renewal.
  • Actively involved with Disaster Recovery and Business Continuity Planning.


  • Excellent Spoken and Written English.
  • Must have a good grasp of legal terminology.
  • Experience performing information security audits or risk assessments
  • Familiarity with security auditing processes
  • Knowledge of information security risk management frameworks and compliance practices.
  • Experience in ISO27001, PCI DSS, and Thai Cyber Law Crime Act.
  • Professional security management certification: CISSP or CISA preferred.


Personal Attributes:

  • Ability to conduct research into a wide range of security issues as required.
  • Ability to absorb and retain information quickly.
  • Ability to present ideas in user-friendly language.
  • Highly self-motivated and directed.
  • Keen attention to detail.
  • Proven analytical and problem-solving abilities.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Exceptional customer service orientation.
  • Experience working in a team-oriented, collaborative environment.



  • Group health insurance and life insurance
  • Free lunch everyday
  • Daily 15-minute Thai Massage
  • Work from home 1 day per month
  • Vacation leave 14 days per year
  • Leaves for marriage, priesthood, bereavement and parental
Apply Now

Job Details:
  • Employment Type:
    Full Time, Permanent
  • Career Level:
    Middle Level
  • Required Qualification:
  • Required Experience:
    3 years
  • Job Functions:
  • Company Industry:
    Information Technology
  • Location:
    Wattana, Bangkok, Thailand
  • Salary:
    Salary negotiable

  • Five-day work week
  • Performance bonus
  • Medical insurance
  • Dental insurance
  • Life insurance

aCommerce Co., Ltd.

About aCommerce aCommerce is an Ecommerce enabler for businesses in ASEAN. We provide holistic end-to-end Ecommerce solutions covering marketing, channel management, call center, fulfillment and logistics in one integrated platform. Founded in 2013 we are currently 1300 employees and continuously hiring to support our business growth. Our Culture Embrace and Drive Change If you are not prepared to deal with constant change, then you probably are not a good fit for the company. We embrace it enthusiastically, and perhaps even more importantly, to encourage and drive it. Personal Growth It’s important to constantly challenge and stretch yourself and not be stuck in a job where you don’t feel like you are growing or learning. Our goal is to help employees unlock that potential.

Is this your company? Claim it now!