Senior DevSecOps Engineer

Top 3 reasons to join us

• We build a professional & fun working environment.
• We focus on your growth, yes the long-term growth.
• We develop the future-ready digital bank platform.

Job description

What do we do? 

As a pioneer for digital transformation, GFT develops sustainable solutions across new technologies – from cloud engineering and artificial intelligence to blockchain/DLT. With its deep technological expertise, strong partnerships, and comprehensive market know-how, GFT offers advice to the financial and insurance sectors, as well as the manufacturing industry. Through the intelligent use of IT solutions, GFT increases productivity and creates added value for clients. Companies gain easy and safe access to scalable IT applications and innovative business models. 

Who are we? 

Having started in Germany in 1987, GFT Technologies has grown to become a trusted Software Engineering and Consulting specialist for the international financial industry, counting many of the world’s largest and best-known banks as our clients. We are an organization that empowers you to not only explore but also raise your potential and seek out opportunities that add value. At GFT, diversity, equality, and inclusion are at the core of who we are. Ensuring a diverse and inclusive working environment for all communities is one of the main pillars of our diversity strategy, based on our core values and culture. We have been certified for 2022/23 as a ‘Great Place to Work’ in the APAC region. So, if you want to have the opportunity to work with an outstanding and progressive organization, this position could be right for you. 

Role Summary 

We are seeking an experienced and passionate Senior DevSecOps Engineer for the Service Operations team as we continue to grow our Operations-as-a-Service for our prime client. 

Key Responsibilities 

• Penetration tester with experience in DevSecOps. 
• Conduct manual and automated secure source code reviews in platforms such as Kotlin, Node.js, Android, iOS, and Python. 
• Perform mobile application penetration testing to identify and remediate vulnerabilities in Android and iOS apps. 
• Perform penetration testing on APIs, GraphQLs, and web interfaces to uncover and mitigate risks. 
• Conduct threat modelling and establish threat profiles to identify, quantify, and mitigate application security risks. 
• Collaborate with development, infrastructure, and networking teams to deliver secure application solutions. 
• Review and secure mobile and web APIs (REST, SOAP), ensuring proper SSL/TLS implementation. 
• Integrate security testing into CI/CD pipelines using tools such as GitHub Actions. 
• Use SAST/SCA/DAST tools to identify and remediate vulnerabilities. 
• Apply industry best practices, including OWASP Top 10 for web, mobile, APIs, and OWASP ASVS. 
• Contribute to the development and enforcement of internal application security standards and policies. 
• Stay current with emerging threats, vulnerabilities, and security technologies, including AI-related security risks and defences. 
• Perform and automate BAU application security, offensive security, and vulnerability management tasks. 

Your skills and experience

Required Qualifications 

• At least 8 years of experience in software development, application security, and cloud platforms (AWS, Azure, GCP). 
• Hands-on experience in mobile, web, and API penetration testing using tools such as Burp Suite, MobSF, Frida, etc. 
• Proficiency in at least one programming language (e.g., Java, Kotlin, JavaScript, Python) and scripting (e.g., Bash, PowerShell). 
• Strong understanding of secure coding practices and code review methodologies. 
• Experience with threat modelling frameworks (e.g., STRIDE, DREAD). 
• Familiarity with Agile and DevOps environments. 
• Experience with SAST/SCA/DAST tools and integrating them into CI/CD workflows. 
• Solid grasp of API security and cryptographic protocols. 
• Knowledge of OWASP standards and secure SDLC practices. 

Preferred Qualifications 

• Experience with AI/ML application security (prompt injection, model abuse, red teaming). 
• Certifications such as OSCP, CSSLP, AWS/Azure Security Engineer Associate, or equivalent. 
• Experience with container security and infrastructure-as-code scanning. 

Why you'll love working here

HR benefits

• Competitive salary
• Salary band per level are reviewed once per year
• 13th month salary pro rata depending on the employee’s length of service (within a calender year), paid with the December salary
• Monthly lunch allowance: 700,000 VND/employee
• Parking: GFT covers the monthly parking fee for employee motorbikes
• Performance evaluation is once per year, for 2 purposes:
     > Performance bonus   > Salary increments

Health care

• Private health insurance: including accident, outpatient, in-patient, maternity, and dental for all permanent employees who pass 2-month probation.
• Optical: expense claim for eyewear
• Annual health check-ups.

Vacation

• Maximum 18-day vacation leave/year (with the ability to carry over 05 days till 31st March of the following year)
• Adding one more annual leave day for each two-year anniversary.

Healthy lifestyle

• Sports and hobby clubs: company has an annual fund for fitness activities, which is allocated per month as team’s vote.
• Range of healthy snacks, tea, coffee, milk and beer on tap

Social

• Company townhall: each 6 weeks
• CSR activities: as per company’s CSR guideline
• Onsite tour/training courses at other GFT offices and client’s destination overseas (where applicable).