Note: Native-level proficiency in Vietnamese is required for this position.
We are seeking skilled and detail-oriented Security Engineers specializing in penetration testing to join our security team. If you're someone who loves exploring how things work - and how to make them more secure - we need you on board. You'll be part of our ambitious ongoing and upcoming projects, working alongside talented professionals to push the boundaries of security testing.
Find more about us at: https://e-cq.net/
Responsibilities
- Plan and execute end-to-end penetration tests on web OR mobile applications (iOS/Android), and underlying APIs.
- Stay updated with the latest CVEs, zero-day exploits, and manual testing techniques to identify complex logical vulnerabilities that automated tools might miss.
- Document findings in high-quality technical reports. Collaborate with engineering teams to provide clear, step-by-step guidance on fixing security flaws.
- Work closely with developers to integrate security testing into the CI/CD pipeline and promote Shift Left security practices.
- Perform limited, non-destructive exploitation (proof-of-concept only) and avoid actions likely to disrupt production.
- Develop custom scripts or leverage industry-standard tools to automate repetitive testing tasks and improve efficiency.
- Other tasks related to your profession as assigned by direct supervisors.
Requirements
- Minimum of 2 years of dedicated experience in penetration testing (either web or mobile, as we are looking for both).
- Proven track record in at least one of the following:
  - Web Security: Deep understanding of OWASP Top 10, SQLi, XSS, CSRF, and broken access control.
  - Mobile Security: Hands-on experience with OWASP MASTG, static/dynamic analysis (SAST/DAST) of APK/IPA files, and certificate pinning bypasses.
- Strong understanding of TCP/IP, DNS, HTTP/S, and TLS/SSL protocols.
- Proficiency in at least one scripting language (e.g., Python, Bash, or PowerShell) for exploit development or task automation.
- Expertise in tools such as Burp Suite Professional, Metasploit, Frida, MobSF, Nmap, or Kali Linux.
- Strong analytical mindset, adaptability, and continuous learning attitude.
Nice to have
- Relevant certifications such as OSCP (Offensive Security Certified Professional), OSWE, eWPTX, or GPEN will be a plus.
- Experience testing applications hosted on AWS, Azure, or Google Cloud Platform.
- Active participation in platforms like HackerOne or Bugcrowd is a significant plus.
- Ability to explain complex technical risks to non-technical stakeholders clearly and concisely.
Our offers
- Attractive remuneration package with competitive compensation scheme.
- At least 19 days of annual paid leave with multiple versatile leave schemes.
- Bonuses: Public holidays, Tet, project commissions, 13th-month salary, performance bonuses, etc.
- Free lunch, cafeteria, and parking.
- A comfortable working environment that values flexibility, friendliness, and supportive team spirit.
- Recreational activities: Company trip, team building, bonding, internal events, etc.
- Premium private healthcare insurance after successful completion of probation.
- Annual premium health check-up package.
- Continuous learning - sharing - improvement culture, encouraging initiative and creativity in problem-solving.
- Career growth opportunities depending on your capability and career goals.
Working location: Hoang Hoa Tham St., Gia Dinh Ward (Binh Thanh District), HCMC
Working hours: 9 a.m. to 6 p.m., Monday to Friday
Contact: ECQ HR Department (Mr. Hien - 0382 480 012 or [Confidential Information])
Send your resume to [HIDDEN TEXT] for application and/or further information.