Senior IT Security (Pentest - Architecture & Application)

• IT Security Implementation
  
  - Develop and execute security assessments for IT projects and systems.
  
  - Conduct vulnerability assessments and penetration testing (Vulnerability Assessment & Penetration Testing) on:
  
  - Web applications, Mobile applications (iOS & Android), API, Winform.
  
  - Server systems (Windows, Linux), databases, network infrastructure, and cloud environments.
  
  - Review and optimize security configurations on servers, network devices, security appliances, and storage systems.

• IT Security Operations
  
  - Update and manage security vulnerabilities in IT systems, develop and implement remediation plans.
  
  - Maintain and ensure compliance with PCI DSS certification and NHNN security standards.
  
  - Operate and maintain critical security systems such as SIEM, IPS/IDS, DLP, PIM.
  
  - Collaborate with relevant departments to implement security measures such as patch management, antivirus management, and endpoint protection.

• Vulnerability Management
  
  - Continuously update and monitor security vulnerabilities, malware threats, and risks; analyze and provide recommendations for remediation.
  
  - Conduct regular security assessments (VA, Pentest, ASV, APT, segment test) for operating systems, applications, databases, and networks.
  
  - Manage, monitor, and ensure remediation of all detected security vulnerabilities in IT services.

1. Education
   
   - Bachelor's degree in Information Security, Cybersecurity, Cryptography, IT, Telecommunications, Computer Science, or related fields.
2. Technical Knowledge
   
   - Proficiency in at least one programming language (PHP, Python, C/C++, Java) and understanding of Software - Development Life Cycle (SDLC).
   
   - Strong knowledge of networking, security, server operating systems, Middleware, and databases.
3. Experience in
   
   - Security testing for Web, API, Mobile, Winform Applications, Network, Infrastructure, and OS.
   
   - Identifying and assessing vulnerabilities in IT systems.
   
   - Security standards such as PCI DSS, OWASP, and cybersecurity attack techniques.
   
   - Reviewing security requirements in BRD and business processes before system development.
4. IT Proficiency
   
   - Proficient in security testing tools, including:
   
   - Information gathering, vulnerability scanning, and security exploitation tools.
5. Skills
   
   - Strong documentation and report writing skills.
   
   - Effective communication and presentation skills.
   
   - Analytical and problem-solving abilities.
   
   - Risk management skills.
6. Experience: Minimum of 2 years of experience in IT security, including security testing for web applications, mobile applications, server systems, and network devices.
   
   - Preferred Qualifications: Security certifications such as GPEN, LPT, CEH, OSCP, or equivalent penetration testing certifications.Candidates with CVEs or contributions to cybersecurity projects are highly preferred.

- Mức lương: Thỏa thuận theo năng lực và kinh nghiệm.

- Thưởng tháng 13 + thưởng hiệu suất công việc hàng năm. Tổng thu nhập 14-15 tháng/năm

- Thưởng dịp đặc biệt: sinh nhật, ngày thành lập công ty...

- Phép năm: 16 ngày phép/năm chưa bao gồm các ngày nghỉ lễ tết

- Bảo hiểm xã hội, bảo hiểm y tế, bảo hiểm thất nghiệp đóng mức 80% lương

- Bảo hiểm sức khỏe, khám sức khỏe định kỳ hàng năm.

- Laptop, màn hình và các phương tiện/tài khoản/công cụ cần thiết cho công việc

- Xét lương hàng năm và lộ trình thăng tiến rõ ràng, đánh giá công bằng, minh bạch.

- Môi trường làm việc trẻ trung, năng động, sẵn sàng chia sẻ và hỗ trợ.