Senior Security Engineer Application Operation

Mô tả công việc

Identify security vulnerabilities and assess their potential impact.
Perform advanced penetration testing on web applications, mobile applications, networks, and IT infrastructure.
Conduct manual and automated security testing.
Simulate real- world attack scenarios to evaluate the effectiveness of existing security controls.

Document and report vulnerabilities along with comprehensive risk assessments and remediation recommendations.
Develop detailed and structured penetration testing reports for stakeholders.
Provide post- assessment debriefings to management and technical teams.

Evaluate and implement new tools and technologies to improve penetration testing capabilities.
Develop, maintain, and enhance automated security testing frameworks.

Develop and share knowledge on new attack vectors, techniques, and mitigation strategies.
Keep abreast of emerging threats, vulnerabilities, and industry best practices.

Work closely with PO, SRE, developers, and security teams to resolve identified vulnerabilities.
Assist in the development of security policies and procedures.
Participate in incident response and forensic analysis when required.

Implement Security Orchestration, Automation, and Response (SOAR) tools to enhance incident response efficiency.
Investigate security alerts and take proactive steps to prevent potential breaches.
Implementation, Oversee and fine- tune SIEM (Security Information and Event Management) solutions to detect and respond to security incidents.
Monitor network, endpoint, and cloud environments for vulnerabilities, threats, and anomalies.

Develop and maintain Incident Response Plans (IRP) and ensure team readiness for cyber- attacks.
Collaborate with SOC teams to enhance threat intelligence capabilities.
Lead incident response activities, including threat containment, eradication, and recovery.
Conduct forensic investigations and root cause analysis on security incidents.

Work with DevOps, IT, and product teams to remediate security weaknesses.
Regularly conduct vulnerability assessments and penetration testing on internal and external systems.
Ensure timely patching and updates to reduce attack surface.

Enforce security configurations in line with NIST, ISO 27001, CIS Benchmarks, and other industry standards.
Implement best practices for system hardening across Windows, Linux, cloud, and container environments.
Ensure compliance with Vietnamese cybersecurity regulations and global security frameworks.

Work closely with developers to integrate application security testing (SAST, DAST, IAST) into CI/CD pipelines.
Conduct security architecture reviews to identify potential risks in new applications and systems.
Secure cloud- based environments (GCP, Azure) and ensure secure DevOps (DevSecOps) practices.

Yêu cầu công việc

Application Security:

Education & Experience

• Bachelor’s degree in computer science, Cybersecurity, Information Technology, or a related field.
• Relevant certifications are highly preferred (e.g., OSCP, OSWE, CEH).
• Minimum of 3- 5 years of experience in penetration testing and vulnerability assessment.
• Proven track record of conducting successful penetration tests and identifying critical vulnerabilities.
• Strong experience with penetration testing tools (e.g., Burp Suite, Metasploit, Nessus, Nmap, Kali Linux).
• Hands- on experience with scripting languages (e.g., Python, Bash, PowerShell) to develop testing scripts.

Technical & Soft Skills

• In- depth understanding of web, mobile, and network security principles.
• Familiarity with secure coding practices and security testing methodologies (e.g., OWASP, NIST).
• Proficient in analyzing and exploiting common vulnerabilities (e.g., SQL Injection, XSS, CSRF).
• Strong analytical and problem- solving skills.
• Excellent verbal and written communication skills.

Operation Security:

Education & Experience

• Bachelor’s degree in information security, Computer Science, Risk Management, or related fields.
• 3 + years of experience in Security Operations (SecOps), Incident Response, or Cloud Security.
• Experience with SOC operations, threat hunting, and security automation.
• Strong knowledge of intrusion detection systems (IDS/IPS), firewalls, and endpoint protection.
• Hands- on experience with SIEM (Splunk, ELK, QRadar, Microsoft Sentinel, etc.).
• Familiarity with offensive security tools (Kali Linux, Metasploit, Burp Suite) and defensive tools (EDR, XDR, WAF).

Technical & Soft Skills

• Strong knowledge of cyber threat intelligence, malware analysis, and digital forensics.
• Proficiency in scripting (Python, Bash, PowerShell) for automation.
• Understanding of zero- trust security models, IAM, and privileged access management.
• Excellent problem- solving skills and the ability to handle high- pressure situations....

Benefits

13th salary
Team Building and many engagement activities
Transportation fee (BE&039;s services)
Annual health check
Holiday bonus
Social Insurance
15 days annual leave
Medical healthcare
Performance bonus

Cập nhật gần nhất lúc: 2025-11-06 15:20:02