Area: Cybersecurity
Job Description
-
Perform manual and automated penetration testing for web, mobile, and API applications. Identify, classify, and prioritize vulnerabilities; provide actionable remediation recommendations; validate patches; and ensure systems are securely operational.
-
Define and implement security controls across the SDLC. Conduct threat modeling, risk assessments during the design phase, and provide secure coding consultation for development teams.
-
Design and implement automated security controls in CI/CD pipelines: integrate and operate SAST, DAST, SCA, and container/k8s security. Collaborate with DevOps to ensure secure deployments.
-
Train and mentor developers and stakeholders on secure coding, secure SDLC, and best practices.
-
Research, evaluate, and adopt emerging AppSec technologies and tools into organizational processes.
Requirements
-
Bachelor’s degree or higher in Computer Science, Cybersecurity, or related fields.
-
Minimum 7 years of experience in Application Security or Penetration Testing, with at least 2 years in a managerial position.
-
Strong understanding of common vulnerabilities (OWASP Top 10, CWE, SANS 25) and exploitation techniques.
-
Preferred qualifications:
-
Experience implementing/integrating SAST, DAST, SCA, or container/k8s security in CI/CD.
-
Solid knowledge of SDLC security models, threat modeling, and risk assessment.
-
Experience with cloud security (AWS, Azure, GCP), container/k8s, or IaC security.
-
Certifications such as OSCP, GWAPT, CSSLP, CEH, or equivalent.
-
HOW TO APPLY: Please send your CV to the consultant in charge:
Ms. Quynh Uyen
Email: uyen.nguyen@ev-search.com
All applications will be considered without regard to race, color, religion, sex (inclusing pregnancy and fender identity), national origion, political affiliation, sexual orientation, mariatal status, disability, genetic information, age, membership in an employee organization, parental status, military service or other nonmerit factor
