1. Vulnerability assessment and penetration testing program; responsible for the design and performance of application security robustness tests.
Develop, implement, train on and apply a security-by-design framework for the Bank
End-to-end security controls for projects/CRs to make sure new services and systems are safe before go-live
Supporting Vendor Security activities to ensure 3rd‐party software and development meet Bank security standards.
Deliver the annual penetration testing schedule and conduct awareness campaigns to ensure proper budgeting by business lines for annual tests
Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices
Automate penetration and other security testing on networks, systems and applications
Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators
Trial attacks & incident response
Research/develop new security standards and technique guidelines and apply them to the Bank
Operate security technologies and control security changes, ensuring the safety of information technology systems
Continuously improve security controls in the software development process
2. Implement a security program for security development
Participate with key techniques in security projects and security solutions requiring a very high level of expertise
Consulting for the project to resolve arising problems, beyond the technical scope
3. Develop/implement/apply security by design to Projects
Develop, implement, train on and apply a security-by-design framework for the Bank
End-to-end security controls for projects/CRs to make sure new services and systems are safe before go-live
Supporting Vendor Security activities to ensure 3rd‐party software and development meet Bank security standards.
Job Requirements
1. Education
Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum)
2. Required Knowledge/Expertise
5 years or more of working experience in banking IT security; good knowledge of international IT security standards (ISO 27001, PCI-DSS,…), ITIL
Good knowledge of network security, system security, application security, viruses/malware, secure coding, cloud, DevSecOps
Expert in architecture, security technology, and integration
Good knowledge of pen testing with the OWASP standard and the ability to discover and exploit vulnerabilities, cyber attacks
Good at using some tools for hacking: VA, AppScan, Metasploit, Kali Linux
Experienced in implementing ISO27000/PCI-DSS is preferred
Good knowledge of secure coding in some languages (Python, Shell, PHP) and good knowledge of encryption and cryptography techniques
3. Required Skills
Have ability to read and understand the professional documents in English.
Strong interpersonal and communication skills
Be able to catch up and manage work quickly and effectively
Be able to work independently under high pressure; good at teamwork
Careful, responsible, and secure in protecting information/data belonging to the Bank
Good knowledge of risk management principles, methodology and practice
Fluent English preferred
4. Relevant Experience
Stakeholder and beneficiary expectation management
People Management
Risk Management
Budget Management
5. Other Relevant Competencies
Strong Logical Thinker and Planner
Management and leadership ability
Implementation and delivery ability