IT Security Expert (Appsec)

AppSecEngineering:
Vulnerability assessment and penetration testing program and responsible for the design and performance of application security robustness tests :
- Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators
- Deliver the annual penetration testing schedule and conducting awareness campaigns to ensure proper budgeting by business lines for annual tests
- Mentor and coach other IT security staff to provide guidance and expertise in their growth
- Automate penetration and other security testing on networks, systems and applications
- Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
- Operate a hands- on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices
- Foster and maintain relationships with key stakeholders and business partners
- Produce actionable, threat- based, reports on security testing results
- Act as a source of direction, training, and guidance for less experienced staff
- Develop and maintain security testing plans
- Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation

Education:
- Bachelor&039;s or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry- related curriculum)
Experience:
- 3+ years or more of working experience in IT security banking, good knowledge international IT security standards (ISO 270001, PCI- DSS,…), ITIL
- Experienced in implementing ISO27000/PCI- DSS is preferred
- Good using some tools for hacking: VA, APPScan, Metaexploit, kalilinux
- Have good knowledge with pen test with OWSAP Standard and ability discovery & exploit vulnerabilities, cyber attack
- Expert with architect, security technology, integration
- Have good knowledge about: network security, system security, application security and virus/malwares, secure coding
Have good knowledge with secure coding with some languages: Python, Shell, PHP and have good knowledge with encryption, cryptography techniques
- Risk Management
- Budget Management
- Stakeholder expectation management
- People Management
Skills:
- Be able to work independently with high pressure, good in teamwork
- Be able to catch up and manage works quickly and effectively
- Good knowledge of risk management principles, methodology and practice
- Have ability to read and understand the professional documents in English.
- Strong interpersonal and communication skill
- Careful, responsible, and secure in protecting information/data belong to Bank

Laptop, Chế độ bảo hiểm, Du Lịch, Chế độ thưởng, Chăm sóc sức khỏe, Đào tạo, Tăng lương

Cập nhật gần nhất lúc: 2025-09-18 11:10:02