We are looking for an Application Security professional with strong expertise in Threat Modelling and Secure Design to help embed security into the application development lifecycle.
This role works closely with development, architecture, and business teams to identify security risks early and ensure applications are designed securely and in compliance with DLVN standards.
KEY RESPONSILBILITIES
Threat Modelling (35%):
- Lead threat modelling sessions with development and business teams
- Apply methodologies such as STRIDE and PASTA
- Document threats, risks, and mitigation plans
Secure Design (30%):
- Provide security input during application and API design reviews
- Define and promote reusable secure design patterns
- Support developers in integrating security controls early
Collaboration & Enablement (20%):
- Work with Agile teams to embed security requirements
- Deliver training/workshops on secure design and threat awareness
- Communicate security risks clearly to both technical and business stakeholders
Governance & Compliance (15%):
- Ensure threat modelling aligns with SSDLC checkpoints
- Support audits and compliance documentation
- Contribute to improving Application Lifecycle Management and Technology Standards policies.
Your Skills and Experience
- Bachelor's degree in IT, Computer Science, or related field
- 4+ years of experience in application security or secure architecture
- Hands-on experience with threat modelling (STRIDE, PASTA, etc.)
- Strong knowledge of OWASP Top 10 and modern application architectures (APIs, microservices, cloud)
- Excellent communication and facilitation skills
- Experience in DevSecOps environments
- Knowledge of cloud security (Azure/AWS/GCP)
- Security certifications (CISSP, CSSLP, etc.)
- Good command of spoken and written English
Working Location:149-151 Nguyen Van Troi, Ward 11, Phu Nhuan, Ho Chi Minh
