Mô tả Công việc
Job Summary
We are seeking an AppSec/DevSecOps Engineer to help establish and mature our application security and secure development practices. This role will initially focus on standardizing our DevOps pipelines and progressively integrate security into every stage of the software lifecycle. The engineer will support secure software design, application security testing, and
developer enablement programs, with the long-term goal of leading our AppSec capability.
Key Responsibilities
- DevOps Standardization: Streamline and standardize the company's CI/CD pipelines for cybersecurity projects, preparing the foundation for DevSecOps integration.
- Secure SDLC Integration: Embed security controls and checks into software development workflows, from design to deployment.
- Application Security Testing: Implement and maintain SAST, DAST, SCA, and other testing tools within pipelines; triage and coordinate fixes with developers.
- Developer Training & Security Champions: Deliver secure coding training, support Security Champions program, and promote security awareness among developers.
- Security by Design: Collaborate with architects and product teams to ensure applications are designed with security principles in mind (Threat Modeling, Secure Design Review, Security Requirement).
- Framework & Maturity Models: Contribute to the adoption of industry standards and frameworks such as OWASP SAMM for measuring and improving software assurance maturity.
- Continuous Improvement: Proactively recommend enhancements to DevSecOps tools, processes, and policies to improve resilience and efficiency.
***About [protected info]
- Working time: 8:30 - 17:30 Monday - Friday
- Working place: 5th Floor, Con Cưng Super Center, 09 Nguyen Trai Street, Ben Thanh Ward, Dist. 1, HCMC