Senior IT Security (Pentest - Architecture & Application)

IT Security Implementation- Develop and execute security assessments for IT projects and systems.- Conduct vulnerability assessments and penetration testing (Vulnerability Assessment & Penetration Testing) on:- Web applications, Mobile applications (iOS & Android), API, Winform.- Server systems (Windows, Linux), databases, network infrastructure, and cloud environments.- Review and optimize security configurations on servers, network devices, security appliances, and storage systems.
IT Security Operations- Update and manage security vulnerabilities in IT systems, develop and implement remediation plans.- Maintain and ensure compliance with PCI DSS certification and NHNN security standards.- Operate and maintain critical security systems such as SIEM, IPS/IDS, DLP, PIM.- Collaborate with relevant departments to implement security measures such as patch management, antivirus management, and endpoint protection.
Vulnerability Management- Continuously update and monitor security vulnerabilities, malware threats, and risks; analyze and provide recommendations for remediation.- Conduct regular security assessments (VA, Pentest, ASV, APT, segment test) for operating systems, applications, databases, and networks.- Manage, monitor, and ensure remediation of all detected security vulnerabilities in IT services.

Experience: Minimum of 2 years of experience in IT security, including security testing for web applications, mobile applications, server systems, and network devices.- Preferred Qualifications: Security certifications such as GPEN, LPT, CEH, OSCP, or equivalent penetration testing certifications.Candidates with CVEs or contributions to cybersecurity projects are highly preferred.
Education- Bachelor&039;s degree in Information Security, Cybersecurity, Cryptography, IT, Telecommunications, Computer Science, or related fields.
Skills- Strong documentation and report writing skills.- Effective communication and presentation skills.- Analytical and problem- solving abilities.- Risk management skills.
Technical Knowledge- Proficiency in at least one programming language (PHP, Python, C/C++, Java) and understanding of Software- Development Life Cycle (SDLC).- Strong knowledge of networking, security, server operating systems, Middleware, and databases.
IT Proficiency- Proficient in security testing tools, including:- Information gathering, vulnerability scanning, and security exploitation tools.
Experience in- Security testing for Web, API, Mobile, Winform Applications, Network, Infrastructure, and OS.- Identifying and assessing vulnerabilities in IT systems.- Security standards such as PCI DSS, OWASP, and cybersecurity attack techniques.- Reviewing security requirements in BRD and business processes before system development.

- Môi trường làm việc trẻ trung, năng động, sẵn sàng chia sẻ và hỗ trợ.
- Phép năm: 16 ngày phép/năm chưa bao gồm các ngày nghỉ lễ tết
- Thưởng tháng 13 + thưởng hiệu suất công việc hàng năm. Tổng thu nhập 14- 15 tháng/năm
- Thưởng dịp đặc biệt: sinh nhật, ngày thành lập công ty...
- Xét lương hàng năm và lộ trình thăng tiến rõ ràng, đánh giá công bằng, minh bạch.
- Bảo hiểm xã hội, bảo hiểm y tế, bảo hiểm thất nghiệp đóng mức 80% lương
- Mức lương: Thỏa thuận theo năng lực và kinh nghiệm.
- Laptop, màn hình và các phương tiện/tài khoản/công cụ cần thiết cho công việc
- Bảo hiểm sức khỏe, khám sức khỏe định kỳ hàng năm.

Cập nhật gần nhất lúc: 2025-11-07 01:10:03