ECQ (E-CQURITY) is a leading information system security firm established to provide security assessment services and proactive security management solutions. In the face of ever-changing technology, we ensure our customers always have the best protection for their business through our continuous innovation, dedication, and enthusiasm in exploring the security technology domain.
We are looking for a dedicated Web Security Engineer to join our passionate offensive security team of talented security researchers. If you're someone who loves exploring how things work - and how to make them more secure - we need you on board.
Find out more about us at: https://e-cq.net/
Responsibilities
- Perform manual and automated security assessments on web applications and APIs.
- Identify, exploit, and document vulnerabilities including authentication flaws, access control issues, injection attacks, logic flaws, and insecure configurations.
- Conduct assessments aligned with OWASP Top 10, OWASP ASVS, and industry standards.
- Analyze backend logic, microservices, and system integrations to detect flaws in authorization, data handling, and design.
- Test REST and GraphQL APIs for vulnerabilities and security weaknesses.
- Review backend architecture to propose secure design improvements.
- Work with client development teams to provide remediation guidance and secure coding practices.
- Review code or assist in secure code review processes where required.
- Participate in threat modeling sessions for new or existing systems.
- Produce clear, structured security reports highlighting impact, risk level, and recommended fixes.
- Present findings to technical and non-technical stakeholders.
- Collaborate internally with the Red Team, Mobile, and Infrastructure teams to align methodologies.
- Stay updated with emerging vulnerabilities, CVEs, and web exploitation techniques.
- Contribute to internal tools, scripts, and testing methodologies.
- Participate in knowledge-sharing sessions and enhance team capability.
Requirements
- Strong understanding of modern web technologies (HTTP/HTTPS, cookies, sessions, JWT, CORS, CSP, OAuth2, SSO, etc.).
- Hands-on experience with web penetration testing methodologies.
- Familiarity with tools like Burp Suite, OWASP ZAP, Postman, Fiddler, etc.
- Solid understanding of common web vulnerabilities (XSS, SQLi, CSRF, SSRF, IDOR, RCE, etc.) and exploit scenarios.
- Experience analyzing API behaviors, authentication flows, and business logic flaws.
Nice-to-Have
- Experience with secure code review.
- Experience with cloud platforms (AWS, Azure, GCP) and cloud-native vulnerabilities.
- Experience working with CI/CD and DevSecOps pipelines.
- Degree and/or certifications in related fields (Cybersecurity, Computer Science, OSCP, OSWE, GIAC, etc.).
Our offers
- Attractive remuneration package with competitive compensation scheme.
- 14 days of annual leave, with an increment of 01 day of leave for every 03 years of continuous service.
- Wellness leave (4 days per year), birthday leave, and other attractive paid leave schemes per the Company's policies.
- Bonuses: Public holiday, Tet holiday, project, 13-month salary, etc. (subject to the company's discretion).
- Free lunch, cafeteria, and parking.
- A comfortable working environment that values flexibility, friendliness, and supportive team spirit.
- Recreational activities: Company trip, team building, bonding, internal events, etc.
- Premium private healthcare insurance after successful completion of probation.
- Annual premium health check-up package.
- Continuous learning - sharing - improvement culture, encouraging initiative and creativity in problem-solving.
- Career growth opportunities depending on your capability and career goals.
Working location: Hoang Hoa Tham St., Gia Dinh Ward (Binh Thanh District), HCMC
Working hours: 9 a.m. to 6 p.m., Monday to Friday
Contact: ECQ HR Department (Mr. Hien - 0382 480 012 or [Confidential Information])
Send your resume to [HIDDEN TEXT] for application and/or further information.