Are you ready to take your career up a level? We are seeking a Web Application Penetration Tester - Automation Engineer with exceptional security testing expertise, strong automation and programming skills, and a proven ability to scale application security assessments through innovative tooling and automation.
The selected candidate will be responsible for (a) conducting advanced security testing for our banking applications, (b) reviewing and providing security feedback during the application design phase, and (c) building automation frameworks to scale penetration testing operations and accelerate vulnerability discovery across our application portfolio.
Responsibilities
Security Testing & Assessment
- Conduct advanced manual application penetration tests on web applications, mobile applications, and APIs
- Participate in source code reviews, and testing of new application security features and controls across products
- Validate and champion secure development practices for software engineers
- Research and make recommendations to the development team regarding security standards
- Advance your personal knowledge of information security to stay on the bleeding edge
Security Automation & Scaling
- Build tools and internal applications to discover, evaluate and mitigate security vulnerabilities during development and in production at scale
- Automate security penetration testing processes, exploits and test cases to enable rapid, repeatable assessments across multiple applications/features
- Develop frameworks and scripts to accelerate common penetration testing workflows and reduce manual effort
- Create automated vulnerability validation and verification tools
- Build integrations between security testing tools and development/deployment pipelines
- Design and implement solutions for continuous security testing in production environments
- Develop custom security scanning and analysis tools tailored to banking application architectures
Requirements
- Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Information Security, or related field and/or 3+ years of equivalent work experience required
- Knowledge of the methods, processes, and procedures to execute penetration testing
- Strong programming and scripting abilities (Python, Java, or similar) for security tool development
- Hands-on experience building security automation tools from concept to production deployment
- Solid understanding of web application development
- Experience reviewing source code (Java, Python) and mobile applications (Native, KMM)
- Experience in cloud security (AWS)
- Knowledge of web & mobile application security principles with significant understanding of application security topics such as OWASP Top 10 and authentication infrastructure (SAML, OAuth)
- Experience in the planning, coordinating, executing, and reporting of security tasks
- Good communication skills with an ability to explain complex technical issues to non-technical business users
- Security-related certifications (GWAPT, OSWE, etc.) will be an advantage
Benefits
- Meal and parking allowances are covered by the company
- Full benefits and salary rank during probation
- Insurance as required by Vietnamese labor law, plus premium health care for you and your family with no seniority requirement
- Performance bonus up to 2 months
- 13th month salary pro-rata
- 15-day annual leave + 3-day sick leave + 1 birthday leave + 1 Christmas leave
- SMART goals and clear career opportunities (technical seminar, conference, and career talk) - we focus on your development
- Values-driven, international working environment, and agile culture
- Overseas travel opportunities for training and work
- Internal hackathons and company events (team building, coffee run, blue card...)
- Work-life balance: 40 hours per week, Monday to Friday