con cung corporation (concung.com)

Application Security Engineer

  • Posted 15 hours ago

Job Description

We are seeking an Application Security Engineer to build and develop our application security capability. The core mandate is security: defining how the organization designs, builds, and ships software securely — spanning secure SDLC, DevSecOps, security architecture and design, application security testing, and developer enablement. The engineer drives security into the development lifecycle and CI/CD pipelines and fundamentally reduces security risk in software.

Key Responsibilities

  • Security by Design: Threat modeling, secure design review, security requirements; collaborate with architects to embed security into application design.
  • Security Architecture & Solutions: Recommend and implement security controls appropriate to each application's risk profile — e.g., WAF, API security, mobile app hardening (RASP / anti-tampering).
  • Application Security Testing: Operate SAST/DAST/SCA/SBOM tooling; triage findings, eliminate false positives, validate exploitability, and prioritize remediation by real risk.
  • Secure SDLC & DevSecOps Integration: Embed security gates and automated checks into CI/CD pipelines.
  • AppSec Maturity (OWASP SAMM): Run SAMM assessments, define the maturity roadmap, and measure improvement over time.
  • Developer Enablement: Secure coding training and a Security Champions program.

Job Requirements

We are looking for a highly motivated person with:

  • 2-3+ years of experience with Application Security Engineering or related Security roles.
  • Solid foundation in application security: OWASP Top 10 and beyond — common vulnerability classes, ability to read code and understand why a finding is (or isn't) exploitable.
  • Hands-on secure SDLC & secure design: threat modeling, secure design review, security requirements.
  • Strong understanding of SAST, DAST, SCA and SBOM tooling — interpreting results, triaging false positives, prioritizing by risk.
  • Ability to select the right tool for the right context (judgment, not tool-operation).
  • Working knowledge of CI/CD and automation as the delivery medium (Python/Bash).
  • Excellent collaboration and communication skills, with the ability to work closely with developers, architects, and operations teams.
  • A proactive attitude and the ability to think outside the box
  • Works in an organised, structured manner
  • Can-do attitude; gets things done
  • Excellent communication skills with diverse audiences
  • Strong critical thinking and analytical skills

Nice-to-have:

  • Practical OWASP SAMM (or BSIMM) implementation experience.
  • Security architecture experience: WAF, API security, mobile app shielding/RASP.
  • Awareness of secure-by-design frameworks/regulations: NIST SSDF, EU Cyber Resilience Act.
  • A relevant AppSec/offensive cert (OSWE, eWPTX, GWAPT, Burp Suite Certified, CSSLP), as a screening signal for security fundamentals.
  • IaC security (Terraform/K8s/Helm), cloud security, English.

Benefits

  • Annual bonus: 2 - 3 months under minimum KPI requirement
  • Fast promotion opportunities based on personal ability
  • Work in a dynamic, open, creative environment
  • Regular training, company team building, birthday bonus

About Concung.com

  • Working time: 8:30 - 17:30 Monday - Friday
  • Working place: 6th Floor, 9 Nguyen Trai Street, Pham Ngu Lao Ward, District 1, Ho Chi Minh City

Job ID: 150612531