App Security Engineer II
Trung tâm Công nghệ Thông tin
Hà Nội
25-ITC-0857
What this role owns: Hands-on security for mobile apps and web services. You run penetration tests, review source code, build threat models, and produce actionable fixes that engineers can implement. You also create standards, automate tests in CI, and run training for engineering teams.
Mô tả công việc
Key Responsibilities
- Perform penetration tests for mobile and web applications.
- Review code to identify security vulnerabilities and recommend fixes.
- Develop threat models for new features and workflows.
- Analyze application flows and identify attack vectors (tampering, hooking, jailbreak/root bypass, emulator detection, etc.).
- Research emerging vulnerabilities, exploit techniques, and tools.
- Document findings and deliver clear remediation guidance to engineering teams.
- Support post-incident analysis and root-cause reviews.
- Build internal security guidelines and secure coding standards.
- Train engineering teams on security best practices and secure SDLC.
Yêu cầu công việc
Requirements
- Bachelor's degree in Information Security, Computer Science, or related field.
- Proven experience in application penetration testing (mobile + web).
- Practical source code review experience and secure coding knowledge.
- Hands-on experience with testing frameworks such as the PTES and OWASP
- In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell)
- Passion to learn and explore.
- Experience with exploit development, vulnerability research or fuzzing.
- Fintech or payment industry security experience.
Bạn có quan tâm đến vị trí này?
hoặc bạn biết một ứng viên phù hợp
