Title: Senior Security / Software Engineer
Type: Full-time
Location: Remote (Vietnam-based; any city)
Working Hours: 9:00 AM 5:00 PM (Vietnam Time)
Experience: 58 years
Language: Professional English (written & spoken)
Start: ASAP / Q1 2026
Compensation: 32,000,000 - 35,000,000 VND/month (baseline; experience-dependent)
About Matdo
Matdo is an early-stage security startup (stealth) building tools that help organizations understand and manage their cryptographic posture and meet evolving compliance requirements. This is a foundational role with outsized impact.
What you'll do
- Build and operate scanning + analysis services that inventory cryptographic usage across systems
- Implement and harden TLS/SSL configuration checks, certificate analysis, and PKI-related workflows
- Integrate and normalize outputs from common security scanning tools (SAST/DAST/SCA) into usable engineering artifacts
- Ship customer-boundary deployments using container technologies (Podman/Docker) and Kubernetes/Helm
- Improve reliability, speed, and accuracy via CI/CD pipelines and GitOps workflows
- Write clear documentation and collaborate asynchronously (PRs, design notes, Slack) and in weekly video calls.
Must-have qualifications
- 58 years professional software engineering experience (security or infrastructure focus)
- Strong proficiency in Python and at least one of: Go / Rust / Java
- Strong hands-on knowledge of TLS/SSL, certificates, and PKI concepts
- Working knowledge of cryptographic primitives (symmetric/asymmetric, hashing, signatures, key exchange)
- Container + orchestration experience: Podman, Kubernetes, and Helm chart authoring
- CI/CD experience (GitHub Actions or GitLab CI) and familiarity with GitOps workflows
- Experience building or operating scanning tools (SAST/DAST/SCA or similar)
- Professional English for async writing and live collaboration
- Comfortable working independently in an early-stage environment
Strongly preferred
- Semgrep rule authoring or similar static analysis frameworks (CodeQL, SonarQube)
- Familiarity with SOC 2 / PCI-DSS / HIPAA / CMMC / ISO 27001 style compliance frameworks
- Exposure to post-quantum cryptography concepts or standards (NIST PQC, FIPS 140-3)
- Experience integrating LLMs into engineering workflows (local model deployment, prompt pipelines)
- Experience building customer-hosted or enterprise software
Nice-to-have
- Open-source security contributions.
- Published security research or conference talks.
- Network protocol analysis (Wireshark, packet inspection)
- Kubernetes auto-discovery patterns / service mesh familiarity
