Overview
We are looking for a Senior Security Engineer who will act as a security champion for project teams, helping identify potential security weaknesses and improve system security throughout the development lifecycle.
This role focuses on working closely with developers, DevOps engineers, and project teams to review system designs, identify vulnerabilities, and provide practical security recommendations before and during project releases.
Responsibilities2. Security Design Review & Threat Modeling3. Vulnerability Management & Security Improvement4. Secure Development Practices5. Client Security & Compliance Support
- Security Review & Risk Identification
- Review project architectures, applications, and infrastructure to identify potential security risks
- Act with a red-team mindset to identify weaknesses before production releases
- Perform security assessments and vulnerability reviews on applications and cloud environments
- Participate in security design reviews for new systems and major architectural changes
- Guide teams in performing threat modeling to identify potential attack scenarios
- Provide recommendations to improve authentication, access control, data protection, and system security
- Identify security vulnerabilities and work with Engineering and DevOps teams to resolve them
- Support teams in implementing security improvements across application code, infrastructure, and configuration
- Track remediation progress and ensure security issues are addressed
- Promote secure development practices (Secure SDLC) within engineering teams
- Provide guidance on secure coding, secrets management, and secure system design
- Share security knowledge and practical best practices with developers
- Ensure project teams meet security and compliance requirements defined by clients
- Support project teams in responding to client security reviews
- Help ensure projects follow internal security policies and standards such as ISO27001
Requirements
- 5+ years of experience in security engineering, application security, DevSecOps, or infrastructure security
- Strong understanding of application security principles and common vulnerabilities (OWASP Top 10)
- Experience with cloud environments (AWS, GCP, or Azure)
- Familiarity with:
- Authentication and authorization mechanisms
- Secure coding practices
- Authentication and authorization
- Encryption and secrets management
- Network security concepts
- Experience with security testing tools, vulnerability scanning, or penetration testing techniques is a plus
- Strong English communication skills (written and verbal)
- Strong collaboration skills to work across multiple project teams
- Security certifications such as Security+, CISSP, CEH, or similar are a plus
Benefits
- Three days remote every week and four full remote weeks per year
- Gold level Health Insurance coverage from Bao Viet Insurance, a yearly complete Health Check and social insurance
- All office benefits and full salary during probation
- Flexible working time starting anytime up to 10 AM working Monday - Friday with no overtime and a long lunch break
- Unlimited snacks and nice coffee every day
- Choose from a brand-new Mac or PC device
- Salary review twice a year with opportunities for promotions and spot awards
- 12 days annual leave per year, with all days not taken paid out in cash, plus 2 sick leave days
- Yearly Training Budget up to 5 million VND per staff. On top of that, Professional coaching program, buddy system, tech talks, agile sessions, and 1on1 private English classes are available
- Yearly company trip, monthly activities, and other Celebrations for special days in the year, such as Women's Day, YEP, and Christmas
- Employee-led clubs within the company; games teams, sports teams, etc
- Modern open-space office with comfortable workspace, a PS5 games room, and chill-out areas
