Security Engineer (Senior Pentest)

* S lng cn tuyn: 02

* V tr lm vic: Phng AN NINH SN PHM TT H TNG & ANTT KHI CNG NGH

* a im lm vic: 22 Lng H - Phng Lng - TP H Ni

* Thi gian lm vic: 8h00 17h30 cc ngy th 2 - th 6

* M t cng vic:

1 - Kim th xm nhp (Penetration Testing)

- Xy dng Threat Model cho h thng/ng dng mi, lm c s cho thit k an ton v kim th bo mt.

- Ph trch kim th xm nhp v review m ngun cc ng dng, nh gi bo mt cho cc gii php ca VNPAY.

- Kim tra bo mt giao tip ng dng mobile API server (man-in-the-middle, SSL pinning bypass, token leakage),

- H tr vic tch hp bo mt vo vng i pht trin phn mm (SDLC)

2 - Nghin cu & pht trin (R&D)

- Nghin cu, trin khai Automation, AI trong vic kim th v nh gi bo mt

- Cp nht cc xu hng tn cng mi (zero-day, supply chain attack, cloud misconfiguration).

- Xy dng script, tool ni b h tr qu trnh pentest v review code.

- Tham gia xy dng guideline v secure coding v review checklist cho i phat trin.

- Thc hin cc cng vic chuyn mn khc theo yu cu t cp trn.

* Yu cu:

- Tt nghip i hc chuyn ngnh: Phn mm, An ton thng tin hoc lin quan.

- C t 03 nm kinh nghim tr ln ti v tr Pentest hoc tng ng (u tin lnh vc ngn hng, ti chnh)

- c hiu tt ti liu ting Anh chuyn ngnh.

Ky nng yu cu:

- Nm r cc l hng ng dng v k thut khai thc ca cc l hng

- Thnh tho ky nng review m ngun (web & mobile).

- S dng thnh tho cac cng cu scan nh Semgrep, CodeQL, co kha nng vit custom rule phat hin cac l hng bao mt

- K nng vit bo co v trnh by r rng, mch lc

- u tin cc ng vin c cc chng ch: OSWE, OSCE, OSCP, GPEN, COMPTIA Pentest+, CDP v..v

- u tin cc ng vin c kinh nghim nh gi bo mt cho ng dng Mobile

* Ch i ng:

1. Ch lng & thng hp dn:

Mc lng tha thun theo nng lc, nh gi nng lc hng nm

Ch thng phong ph v hp dn (Theo quy nh v chnh sch cng ty)

H tr n sng min ph

H tr n tra: 50.000/ngy

H tr gi xe, xng xe, in thoi (ty v tr)

H tr trang im cho CBNV n

Qu tng cc ngy l trong nm

2. Bo him & chm sc sc khe ton din:

BHXH, BHYT, BHTN theo php lut hin hnh

Gi bo him sc khe cao cp 24/7 mua cho nhn vin & ngi thn nhn vin

Khm sc khe nh k hng nm

3. Mi trng lm vic hin i:

Cung cp my tnh & trang thit b lm vic hin i

Vn phng lm vic hin i, trang thit b lm vic Hi- tech

Khng gian n nh min ph (nc ung, tr cafe, hoa qu, sa chua)

4. Pht trin ngh nghip:

C hi tip cn vi nhng cng ngh mi, nhng d n quy m ln

Lm vic cng i ng hn 2000 nhn s ti nng, c chuyn mn gii, dy dn kinh nghim, t duy chia s

c ti tr kinh ph tham gia cc chng trnh o to nng cao nng lc

Cng ty thnh lp gn 20 nm vi cc sn phm & dch v c khng nh v th trn th trng

5. Hot ng ngoi kha phong ph:

Vn ha cng ty c sc vi nhiu hot ng on th c quan tm u t: Team building, Ngh mt (trong nc v nc ngoi), 20/10, Year End Party, hot ng thin nguyn,

Cc cu lc b: CLB Cu lng, CLB Bng , CLB Yoga, CLB in kinh, CLB Bi

*Ghi ch: Chng ti s lin h qua in thoi vi nhng CV ph hp trong vng 7 ngy lm vic k t ngy ng tuyn.