About the Role
We are looking for a Security Lead (Penetration Testing) to join our team and take ownership of strengthening our security posture. You will lead penetration testing efforts across applications, infrastructure, APIs, and cloud environments, while also mentoring a team of security engineers.
This role is ideal for someone who enjoys hands-on offensive security work, but also wants to play a leadership role in defining security strategy and guiding best practices.
Key Responsibilities
- Lead and perform penetration testing on applications, networks, APIs, mobile apps, and cloud environments.
- Design, scope, and execute red team exercises and adversarial simulations.
- Identify, validate, and exploit vulnerabilities, then work with engineering teams on remediation.
- Establish and maintain penetration testing methodology, tools, and frameworks.
- Provide technical leadership and mentorship for a team of security engineers.
- Collaborate with stakeholders to embed security into development and deployment pipelines (DevSecOps mindset).
- Keep track of the latest offensive security techniques, exploits, and CVEs.
- Manage vendor relationships for external penetration testing activities.
Requirements
- 6+ years in cybersecurity, with 3+ years in penetration testing.
- Strong knowledge of the OWASP, PTES, and MITRE ATT&CK frameworks.
- Proven experience in web, mobile, and network pentesting (manual + automated).
- Familiarity with cloud platforms (AWS, Azure, GCP) and container security.
- Hands-on experience with tools such as Burp Suite, Metasploit, Nmap, Cobalt Strike, Kali Linux, etc.
- Relevant certifications (e.g., OSCP, OSWE, OSEP, OSEE, GPEN, GXPN) are highly valued.
- Strong communication skills, with the ability to explain vulnerabilities and risks to both technical and non-technical audiences.
- Leadership experience: managing a small security/pentest team or leading projects is a plus.
- Active involvement in the hacking community (CTF competitions, bug bounty programs, responsible disclosure).
- Track record of reporting vulnerabilities on platforms like HackerOne, Bugcrowd, Synack, or Zero Day Initiative.
- Publications, blogs, or talks at security conferences (DEF CON, Black Hat, BSides, etc.) are a strong plus.
- Passion for offensive security, ethical hacking, and continuous learning.
Why Join Us
- Lead a high-impact security function within a growing tech company.
- Opportunity to define penetration testing strategy and shape overall security direction.
- Work in a collaborative and innovation-driven environment.
- Competitive compensation, benefits, and professional growth opportunities.
Location: PV Gas Tower, 673 Nguyen Huu Tho, Phuoc Kien Ward, Nha Be District, HCMC, Vietnam