Senior IT Security Officer (mảng Pentest)

1. Penetration Testing: Plan, execute, and document penetration tests on web applications, networks, APIs, mobile apps, and cloud environments.
2. Vulnerability Assessment: Identify, analyze, and prioritize vulnerabilities; provide actionable recommendations for remediation.
3. Exploit Development: Simulate real-world attack scenarios to validate security controls and uncover potential weaknesses.
4. Red Team Engagements: Participate in or lead red team exercises to test organizational resilience against advanced threats.
5. Compliance & Standards: Ensure testing aligns with industry frameworks (OWASP, ISO 27001, PCI DSS...) and regulatory requirements.
6. Tooling & Automation: Utilize and maintain penetration testing tools (Burp Suite, Metasploit, Kali Linux, etc.) and develop custom scripts for advanced testing.
7. Reporting & Documentation: Prepare detailed reports outlining findings, risk impact, and recommended mitigations for technical and non-technical stakeholders.
8. Collaboration: Work closely with security architects, SOC teams, and developers to address vulnerabilities and improve secure coding practices.
9. Continuous Improvement: Stay updated on emerging threats, exploit techniques, and security technologies; contribute to internal knowledge sharing and training.
10. Data Protection: Ensure testing activities do not compromise sensitive data or violate privacy regulations.
11. Provide training and enhance cybersecurity awareness within the organization.
12. Research, propose, and implement new security technologies to improve security assessment and protection of IT systems.
13. Perform other tasks as assigned by management.

1. Education: Bachelor's degree in Computer Science, Information Security, or related field.
2. Technical Knowledge:
- Proficiency in at least one programming language (PHP, Python, C/C++, Java) and understanding of Software - Development Life Cycle (SDLC).
- Strong knowledge of network protocols, web application security, cloud environments, and secure coding principles...
3. Experience:
- Security testing for Web, API, Mobile, Winform Applications, Network, Infrastructure, and OS.
- Identifying and assessing vulnerabilities in IT systems.
- Security standards such as PCI DSS, OWASP, and cybersecurity attack techniques.
- Reviewing security requirements in BRD and business processes before system development.
4. IT Proficiency:
- Proficiency with penetration testing tools and scripting languages (Python, Bash, PowerShell).
- Information gathering, vulnerability scanning, and security exploitation tools.
5. Skills:
- Documentation and report writing skills.
- Effective communication and presentation skills.
- Analytical and problem-solving abilities.
- Risk management skills.
- Understanding of exploit development, reverse engineering, and threat modeling.
6. Experience: Minimum of 2 years of experience in penetration testing or ethical hacking roles for web applications, mobile applications, server systems, and network devices.
7. Preferred Qualifications: Security certifications such as GPEN, LPT, CEH, OSCP, GWAPT or equivalent penetration testing certifications. Candidates with CVEs or contributions to cybersecurity projects are highly preferred.

• Hình thức: Nhân viên chính thức