Mô Tả Công Việc
The position is based in Ho Chi Minh City. The role will report to the IT Governance & Security Manager, and handle the following responsibilities:
1.Own and conduct end-to-end penetration testing for the Company's systems:
- Perform security testing of web/mobile applications, networks, and operating systems.
- Conduct attack exploitation using manual penetration testing (MPT) and automatic tools according to the security test plan and checklist.
- Create a security report and provide applicable recommendations based on the test performed.
- Provide summary reports that will help the board of management team understand the company's security posture.
2.Join the Incident Response Team:
- Collaborate with other IT teams and user departments to handle information security incidents, analyze application logs, security logs, trace root causes, detect actors, propose solutions to prevent attacks, and develop best practices to enhance security systems.
3.Participate in the projects:
- External partners for independent security assessment: propose the scope of services; understand and verify the findings in penetration testing projects; etc.
- Security solutions implementation or enhancement projects: analyze and develop security protection requirements; evaluate the proposal; validate the deliveries; etc.
4.Self-development:
- Research and self-improve on new attack exploitation methods and appropriate security standards.
- Perform other tasks as required by the manager.
5.Other tasks assigned by superiors
Yêu Cầu Công Việc
- Graduated from a university or higher education, major in computer science.
- Have 3 years of experience in testing OWASPTop 10, web applications, mobile applications, APIs, network penetration testing, and performing as a red team member.
- In-depth knowledge of penetration testing tools and common vulnerabilities.
- Ability to read and analyze system, database, and application logs.
- Ability to present the security penetration testing report (in English and Vietnamese) and explain it to the technical team, while ensuring that the summary section is understandable by the business management team.
- Honesty, meticulous, careful, enthusiastic and high sense of responsibility at work.
- While Vietnamese communication skills are essential, this position also requires good English communication skills (both written and spoken) in the workplace.
- The candidate possessing any or some of the following expertise is a plus:
- Experience in a cyber incident response team.
- Proficiency in web application programming languages (C#, PHP, Python).
- Experience in source code review. d) Proficiency in programming scripts to perform security testing.
- International security certificates such as CEH, OSCP, etc.
Practice in HackTheBox lab environment, Portswigger, or participation in CTF programs, bug bounty, etc
Hình thức
Quyền Lợi
- 13th month salary.
- Holidays and full annual leave in accordance with State regulations.
- Participate in all insurances (social insurance, health insurance, unemployment insurance), enjoy full policies and regimes according to the Labor Law.
- Dynamic and humane working environment Annual trip.
Mức lương
Thỏa thuận
Tham khảo: 10 Dấu hiệu nhận biết hành vi lừa đảo qua tin tuyển dụng.