About the role

Web Application Penetration Tester - Automation Engineer focused on scaling security assessments for banking applications through automation and innovative tooling.

Responsibilities

Conduct advanced manual application penetration tests on web applications, mobile applications, and APIs.
Participate in source code reviews, and testing of new application security features and controls across products
Validate and champion secure development practices for software engineers
Research and make recommendations to the development team regarding security standards
Advancing your personal knowledge of information security to stay on the bleeding edge.
Build tools and internal applications to discover, evaluate and mitigate security vulnerabilities during development and in production at scale
Automate security penetration testing processes, exploits and test cases to enable rapid, repeatable assessments across multiple applications/features
Develop frameworks and scripts to accelerate common penetration testing workflows and reduce manual effort
Create automated vulnerability validation and verification tools
Build integrations between security testing tools and development/deployment pipelines
Design and implement solutions for continuous security testing in production environments
Develop custom security scanning and analysis tools tailored to banking application architectures

Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Information Security, or related field and/or 3+ years of equivalent work experience required.
Knowledge of the methods, processes, and procedures to execute penetration testing.
Strong programming and scripting abilities (Python, Java, or similar) for security tool development
Hands-on experience building security automation tools from concept to production deployment
Solid understanding of web application development.
Experience reviewing source code (Java, Python) and Mobile applications (Native, KMM)
Experience in cloud security (AWS).
Knowledge of web & mobile application security principles with significant understanding of application security topics such as OWASP Top 10 and authentication infrastructure (SAML, OAUTH).
Experience in the Security planning, coordinating, executing, and reporting of tasks.
Good communication skills with an ability to explain complex technical issues to non-technical business users.
Holders of security related certifications like GWAPT/ OSWE, etc. will be an advantage.

Meal and parking allowance are covered by the company
Full benefits and salary rank during probation
Insurances as Vietnamese labor law and premium health care for you and your family without seniority compulsory
Performance bonus up to 2 months
13th month salary pro-rata
15-day annual leave+ 3-day sick leave + 1 birthday leave + 1 Christmas leave
SMART goals and clear career opportunities (technical seminar, conference, and career talk) – we focus on your development
Values-driven, international working environment, and agile culture
Overseas travel opportunities for training and working related
Internal Hackathons and company’s events (team building, coffee run, blue card…)
Work-life balance 40-hr per week from Mon to Fri