Senior IT Security (Pentest - Architecture & Application)

Mô tả Công việc

IT Security Implementation
- Develop and execute security assessments for IT projects and systems.
- Conduct vulnerability assessments and penetration testing (Vulnerability Assessment & Penetration Testing) on:
- Web applications, Mobile applications (iOS & Android), API, Winform.
- Server systems (Windows, Linux), databases, network infrastructure, and cloud environments.
- Review and optimize security configurations on servers, network devices, security appliances, and storage systems.
IT Security Operations
- Update and manage security vulnerabilities in IT systems, develop and implement remediation plans.
- Maintain and ensure compliance with PCI DSS certification and NHNN security standards.
- Operate and maintain critical security systems such as SIEM, IPS/IDS, DLP, PIM.
- Collaborate with relevant departments to implement security measures such as patch management, antivirus management, and endpoint protection.
Vulnerability Management
- Continuously update and monitor security vulnerabilities, malware threats, and risks; analyze and provide recommendations for remediation.
- Conduct regular security assessments (VA, Pentest, ASV, APT, segment test) for operating systems, applications, databases, and networks.
- Manage, monitor, and ensure remediation of all detected security vulnerabilities in IT services.

Yêu Cầu Công Việc

Education
- Bachelor's degree in Information Security, Cybersecurity, Cryptography, IT, Telecommunications, Computer Science, or related fields.
 

Technical Knowledge
- Proficiency in at least one programming language (PHP, Python, C/C++, Java) and understanding of Software - Development Life Cycle (SDLC).
- Strong knowledge of networking, security, server operating systems, Middleware, and databases.
 

Experience in
- Security testing for Web, API, Mobile, Winform Applications, Network, Infrastructure, and OS.
- Identifying and assessing vulnerabilities in IT systems.
- Security standards such as PCI DSS, OWASP, and cybersecurity attack techniques.
- Reviewing security requirements in BRD and business processes before system development.
 

IT Proficiency
- Proficient in security testing tools, including:
- Information gathering, vulnerability scanning, and security exploitation tools.
 

Skills
- Strong documentation and report writing skills.
- Effective communication and presentation skills.
- Analytical and problem-solving abilities.
- Risk management skills.
 

Experience: Minimum of 2 years of experience in IT security, including security testing for web applications, mobile applications, server systems, and network devices.
Preferred Qualifications: Security certifications such as GPEN, LPT, CEH, OSCP, or equivalent penetration testing certifications.Candidates with CVEs or contributions to cybersecurity projects are highly preferred.