Security Engineer

Địa điểm Hà Nội
Ngành nghề Công nghệ
Mã số 10881
Loại công việc Cố định
Lương 20.000.000-40.000.000
Email liên hệ vy.tran@manpower.com.vn
Ngày đăng Tháng năm 18, 2021

Working Time: 8:30 – 18:00 (lunch break 1.5h)

Salary Range: $1,000 - $2,000

Benefit:

  • Attractive salary and benefits, international, fun and professional working environment
  • An open and honest culture where people are valued, treated fairly and trusted and empowered
  • Flexible working hours, we work 40 hours per week (Monday-Friday)
  • 13th salary and additional bonus every year
  • Lunch allowance and free drinks (coffee, tea, etc)
  • Health Insurance package
  • Government social, health and unemployment insurance for Vietnamese staff
  • Annual health check, annual flu vaccination
  • Paid leave (12 days/year)
  • A standing desk if you like; No dress code; Company trip
  • Gym and Game room for everyone: board games, video games, PS4, ping-pong, football tables, and many more!
  • In-house classes: Yoga, BJJ
  • For non-Vietnamese staff, support for making Vietnamese work permits, resident cards and others
  • Free English/ Vietnamese classes with a native teacher
  • Pet-friendly working space (already have 4 cats and dogs)
  • Salary range: Depending on levels and experience Commission JOB

Job Duties:

  • Co-working with internal IT team and internal development team to ensure the company's IT system and application are integrated and comply with the company’s current Information Security Policy, Regulations, Standards and Processes.
  • Investigate security threats and incidents, identify and implement mitigation actions.
  • Provide feedback to enhance the current policies, regulations, standards and processes where necessary.
  • Help the organization evolve its application security functions and services.
  • Responsible for upholding code reviews across all code platforms.
  • Provide leadership for application vulnerability scanning and penetration testing remediation.
  • Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools.
  • Provide support to the Information Security Manager on all application security activities.
  • Actively participate in security initiatives with minimum supervision.
  • Follow security best practices in performing tasks.
  • Be able to contribute to the projects in terms of documentation, transfer of ideas and implementing the plans in the area of Application Security

Job Requirements: 

Educational Qualifications:

  • Bachelors or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or another industry-related curriculum).
  • Has appropriate subject matter expertise in their area of information security specialization.

Relevant Knowledge/ Expertise:

  • Knowledge of Security Incident Management
  • Experience with NID system such as Suricata
  • Experience with firewall solutions such as PFSense
  • Experienced in Managing Google Suite accounts and applications
  • Experience with ELK Stack and Wazuh and or other HIDs
  • Strong knowledge of CIS Security Controls
  • 3+ years of Information Security, Application Security, Programming, DevOps, Cloud, Computer
  • Science, Data Analytics, or related (at least 2 years of working with cloud-based infrastructure).
  • Proficient with Amazon Web Services And have an in-depth understanding of  Public/Private/Hybrid Cloud solutions and experienced in integrating public cloud into traditional hosting/delivery models.
  • Depth knowledge of networking and associated technologies, including LAN/WAN, OSI,TCP/IP, File Transfer Protocols, Telnet and Secure Shell, Load balancer, Domain Name System, and Dynamic Host Configuration Protocol, ..
  • Strong knowledge of secure code development practices.
  • Experience working in a DevOps environment with an automation first mindset.
  • Experience using Jenkins/GitlabCI/TeamCity as a CI/CD tool.
  • Experience with SAST (static application security testing), DAST (dynamic application security testing) and IAST (interactive application security testing) tooling.
  • Strong knowledge of OWASP practices.
  • Knowledge of authentication protocols such as OAuth, Open ID Connect, SAML and PKI.

Skills:

  • Manage company security documentation
  • Auditing company security controls
  • Ability to analyze logs and alerts for false positives and security events
  • Experience with tuning NID and HID systems
  • Have the ability to read and understand the professional documents in English
  • Understanding of cloud infrastructure configuration and deployment.
  • Proficient scripting skills using Bash and PowerShell
  • Knowledge of security principles, tools set and technology.
  • Ability to work with physical hardware and virtual machines.
  • Be able to catch up and manage work quickly and effectively.
  • Be able to work independently with high pressure, good in teamwork.
  • Preferred Fluent in English