Senior IT Application Security

Application Security Engineer: (1 Headcount)

1. Penetration Testing and Vulnerability Assessment:

• Perform advanced penetration testing on web applications, mobile applications, networks, and IT infrastructure.
• Identify security vulnerabilities and assess their potential impact.
• Conduct manual and automated security testing.
• Simulate real-world attack scenarios to evaluate the effectiveness of existing security controls.

2. Security Assessment and Reporting:

• Document and report vulnerabilities along with comprehensive risk assessments and remediation recommendations.
• Develop detailed and structured penetration testing reports for stakeholders.
• Provide post-assessment debriefings to management and technical teams.

3. Security Tooling and Automation:

• Develop, maintain, and enhance automated security testing frameworks.
• Evaluate and implement new tools and technologies to improve penetration testing capabilities.

4. Research and Innovation:

• Keep abreast of emerging threats, vulnerabilities, and industry best practices.
• Develop and share knowledge on new attack vectors, techniques, and mitigation strategies.

5. Collaboration and Support:

• Work closely with PO, SRE, developers, and security teams to resolve identified vulnerabilities.
• Participate in incident response and forensic analysis when required.
• Assist in the development of security policies and procedures.

Operation Security Engineer: (1 Headcount)

1. Security Operations & Monitoring

• Implementation, Oversee and fine-tune SIEM (Security Information and Event Management) solutions to detect and respond to security incidents.
• Monitor network, endpoint, and cloud environments for vulnerabilities, threats, and anomalies.
• Investigate security alerts and take proactive steps to prevent potential breaches.
• Implement Security Orchestration, Automation, and Response (SOAR) tools to enhance incident response efficiency.

2. Threat Detection & Incident Response

• Lead incident response activities, including threat containment, eradication, and recovery.
• Conduct forensic investigations and root cause analysis on security incidents.
• Develop and maintain Incident Response Plans (IRP) and ensure team readiness for cyber-attacks.
• Collaborate with SOC teams to enhance threat intelligence capabilities.

3. Vulnerability & Patch Management

• Regularly conduct vulnerability assessments and penetration testing on internal and external systems.
• Work with DevOps, IT, and product teams to remediate security weaknesses.
• Ensure timely patching and updates to reduce attack surface.

4. Security Hardening & Compliance

• Implement best practices for system hardening across Windows, Linux, cloud, and container environments.
• Enforce security configurations in line with NIST, ISO 27001, CIS Benchmarks, and other industry standards.
• Ensure compliance with Vietnamese cybersecurity regulations and global security frameworks.

5. Cloud & Application Security

• Secure cloud-based environments (GCP, Azure) and ensure secure DevOps (DevSecOps) practices.
• Work closely with developers to integrate application security testing (SAST, DAST, IAST) into CI/CD pipelines.
• Conduct security architecture reviews to identify potential risks in new applications and systems.

Application Security:

Education & Experience

• Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related field.
• Relevant certifications are highly preferred (e.g., OSCP, OSWE, CEH).
• Minimum of 3-5 years of experience in penetration testing and vulnerability assessment.
• Proven track record of conducting successful penetration tests and identifying critical vulnerabilities.
• Strong experience with penetration testing tools (e.g., Burp Suite, Metasploit, Nessus, Nmap, Kali Linux).
• Hands-on experience with scripting languages (e.g., Python, Bash, PowerShell) to develop testing scripts.

Technical & Soft Skills

• In-depth understanding of web, mobile, and network security principles.
• Familiarity with secure coding practices and security testing methodologies (e.g., OWASP, NIST).
• Proficient in analyzing and exploiting common vulnerabilities (e.g., SQL Injection, XSS, CSRF).
• Strong analytical and problem-solving skills.
• Excellent verbal and written communication skills.

Operation Security:

Education & Experience

• Bachelor's degree in information security, Computer Science, Risk Management, or related fields.
• 3 + years of experience in Security Operations (SecOps), Incident Response, or Cloud Security.
• Experience with SOC operations, threat hunting, and security automation.
• Strong knowledge of intrusion detection systems (IDS/IPS), firewalls, and endpoint protection.
• Hands-on experience with SIEM (Splunk, ELK, QRadar, Microsoft Sentinel, etc.).
• Familiarity with offensive security tools (Kali Linux, Metasploit, Burp Suite) and defensive tools (EDR, XDR, WAF).

Technical & Soft Skills

• Strong knowledge of cyber threat intelligence, malware analysis, and digital forensics.
• Proficiency in scripting (Python, Bash, PowerShell) for automation.
• Understanding of zero-trust security models, IAM, and privileged access management.
• Excellent problem-solving skills and the ability to handle high-pressure situations....

Benefits

• 13th salary
• Social Insurance
• Medical healthcare
• Annual health check
• 15 days annual leave
• Transportation fee (BE's services)
• Performance bonus
• Holiday bonus
• Team Building and many engagement activities