user circle
LOTTE FINANCE VIETNAM

Senior IT Security Officer (mảng Pentest)

LOTTE FINANCE VIETNAM
Địa điểm

Hà Nội

Maps
  • Ngày cập nhật

    11/03/2026

  • Ngành nghề

    CNTT - Phần mềm

  • Hình thức

    Nhân viên chính thức

  • Lương

    Cạnh tranh

  • Kinh nghiệm

    2 - 5 Năm

  • Cấp bậc

    Nhân viên

  • Hết hạn nộp

    10/04/2026

Phúc lợi

  • Chế độ bảo hiểm
  • Phụ cấp
  • Đồng phục
  • Chế độ thưởng
  • Chăm sóc sức khỏe
  • Đào tạo
  • Tăng lương
  • Phụ cấp thâm niên
  • Nghỉ phép năm

Mô tả Công việc

  1. Penetration Testing: Plan, execute, and document penetration tests on web applications, networks, APIs, mobile apps, and cloud environments.
  2. Vulnerability Assessment: Identify, analyze, and prioritize vulnerabilities; provide actionable recommendations for remediation.
  3. Exploit Development: Simulate real-world attack scenarios to validate security controls and uncover potential weaknesses.
  4. Red Team Engagements: Participate in or lead red team exercises to test organizational resilience against advanced threats.
  5. Compliance & Standards: Ensure testing aligns with industry frameworks (OWASP, ISO 27001, PCI DSS...) and regulatory requirements.
  6. Tooling & Automation: Utilize and maintain penetration testing tools (Burp Suite, Metasploit, Kali Linux, etc.) and develop custom scripts for advanced testing.
  7. Reporting & Documentation: Prepare detailed reports outlining findings, risk impact, and recommended mitigations for technical and non-technical stakeholders.
  8. Collaboration: Work closely with security architects, SOC teams, and developers to address vulnerabilities and improve secure coding practices.
  9. Continuous Improvement: Stay updated on emerging threats, exploit techniques, and security technologies; contribute to internal knowledge sharing and training.
  10. Data Protection: Ensure testing activities do not compromise sensitive data or violate privacy regulations.
  11. Provide training and enhance cybersecurity awareness within the organization.
  12. Research, propose, and implement new security technologies to improve security assessment and protection of IT systems.
  13. Perform other tasks as assigned by management.

Yêu Cầu Công Việc

1. Education: Bachelor's degree in Computer Science, Information Security, or related field.
2. Technical Knowledge:
- Proficiency in at least one programming language (PHP, Python, C/C++, Java) and understanding of Software - Development Life Cycle (SDLC).
- Strong knowledge of network protocols, web application security, cloud environments, and secure coding principles...
3. Experience:
- Security testing for Web, API, Mobile, Winform Applications, Network, Infrastructure, and OS.
- Identifying and assessing vulnerabilities in IT systems.
- Security standards such as PCI DSS, OWASP, and cybersecurity attack techniques.
- Reviewing security requirements in BRD and business processes before system development.
4. IT Proficiency:
- Proficiency with penetration testing tools and scripting languages (Python, Bash, PowerShell).
- Information gathering, vulnerability scanning, and security exploitation tools.
5. Skills:
- Documentation and report writing skills.
- Effective communication and presentation skills.
- Analytical and problem-solving abilities.
- Risk management skills.
- Understanding of exploit development, reverse engineering, and threat modeling.
6. Experience: Minimum of 2 years of experience in penetration testing or ethical hacking roles for web applications, mobile applications, server systems, and network devices.
7. Preferred Qualifications: Security certifications such as GPEN, LPT, CEH, OSCP, GWAPT or equivalent penetration testing certifications. Candidates with CVEs or contributions to cybersecurity projects are highly preferred.

Thông tin khác

  • Độ tuổi: Không giới hạn tuổi
  • Lương: Cạnh tranh

Việc làm theo ngành nghề

Feedback