DevSecOps Engineer (Cloud/AWS)

2 Ben Can Giuoc Street, District 8, Ho Chi Minh
See map

Top 3 Reasons To Join Us

  • Attractive Package
  • Endless growth-company
  • 20 days of annual leave

The Job

  • Provide advisory, risk assessment and security assessment for IT projects follows Prudential Secure SDLC and DevSecOps requirements.
  • Consult with business users, application developers, systems administrators and management to demonstrate security testing results, explain the threat/risk presented by the results, and consult on remediation.
  • Liaise with vendor in the annual an ad-hoc penetration testing schedule to ensure proper budgeting by business lines.
  • Take part in and ensure the completeness of the annual Application Security training program.
  • Review and monitor vendor’s security service and deliverable.
  • Regularly perform compliance assessment on regional policies, standards and drive remediation of control gaps.
  • Take part in the implementation of security programs within the local business.
  • Foster and maintain relationships with key stakeholders and business partners
  • Champion both local & regional IT security initiatives to completion.
  • Liaise with internal and external auditors and regulators to ensure all audit and compliance findings are adequately remediated across the business unit.
  • Incident management and response.
  • Other duties as assigned

Your Skills and Experience

Knowledge and skill / Kiến thức và kỹ năng

  • University degree in Computer Science or technology related disciplines
  • A minimum of 5 years relevant experience in IT Security or Information Security (Technical)
  • At least 3 years’ experience in Application Security or penetration testing required.
  • Broad knowledge of security domains, trends, and technologies (such as threat and vulnerability management, identity & access Management, web application security, data loss prevention, encryption).
  • In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, DotNet, Python, Bash, etc.).
  • Hands on experience with testing frameworks such as the PTES and OWASP for Web and mobile application.
  • Familiar with Cloud native application, API security, Container.
  • Extensive experience with security testing tools (e.g., SAST, DAST, OSS vulnerability testing, Container Security, RASP) embedded within DevSecOps and support CI/CD pipeline
  • Applicable knowledge of Windows client/server, Unix/Linux systems.
  • Experience with Cloud technologies in AWS, Azure, or Google Cloud.
  • Professional qualifications such as CEH, OSCP, GWAPT preferred.
  • Knowledge of risk management principles.
  • Ability to manage relationships at various levels within the organization
  • Ability to influence and resolve conflict through timely and transparent communications.
  • Ability to work under pressure

Why You'll Love Working Here

Why Should You Apply?
- Attractive salary
- Beneficial package including: Yoga class, health talk, mental counseling, pension plan, life insurance & financial supports
- Open environment and clear career road map
- 20 days of annual leave