Mô tả công việc:
• Identify, highlight and remediate information security risk in the Bank
• Comply with the Bank’s Information Security Policy, Regulations, Standards, and Process
• Provide feedback to enhance the current policies, regulations, standards and processes where necessary
• Communicate and ensure all staff understands and comply with the Information Security Policy, Regulations, Standards and Processes
• Help the organization evolve its application security functions and services
• Responsible for upholding code reviews across all code platforms
• Take charge of bug intake and remediation process for the organization
• Provide leadership for application vulnerability scanning and penetration testing remediation
• Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools
• Discover security exposures and develop mitigation plans, and also report and fix the technical debt
• Provide support to the Information Security Manager on all application security activities
• Represent the organization in Information Security programs
• Actively participate in security initiatives with minimum supervision
• Function as a subject matter expert for security solutions within the organization’s platform
• Provide guidance to junior-level security engineers
• Responsible for troubleshooting production issues and performance bottlenecks
• Follow security best practices in performing tasks
• Work closely with cross-functional teams (Engineering, DevOps, DevSecOpsProduct) while carrying out daily tasks
• Contribute to requirement gathering with product teams
• Work together with cross Business Unit teams on executing standardized security solutions and integrations
• Partake in inner sourcing initiatives within the organization
• Provide the appropriate guidance and advisory in the area of Application Security and DevSecOps
• Be able to contribute to the Bank in terms of documentation, transfer of ideas and implementing the plans in the area of Application Security and DevSecOps
Yêu cầu công việc:
1. Educational Qualifications
• Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum)
• Has appropriate subject matter expertise in their area of information security specialization
• CISSP/GIAC Certifications is preferred
2. Relevant Knowledge/ Expertise
• 8+ years of Information Security, Application Security, Programming, DevOps, Cloud, Computer Science, Data Analytics, or related
• Excellent verbal and written skills with an ability to present technical specifications and solutions.
• Ability to manage working on multiple initiatives in a fast paced agile environment.
• Strong knowledge of secure code development practices.
• Experience working with PHP, Java, Python and JavaScript.
• Strong application development background designing and building robust and scaleable applications with Python or similar languages.
• Experience working in a DevOps environment with an automation first mindset.
• Experience using Jenkins as a CI (Continous Integration) and CD (Continous Deployment) tool.
• Experience using Harness as a CD (Continuous Deployment) tool
• Ability to design and build full stack solutions with Python and React or Vue.js.
• Strong knowledge working with container platforms such as Kubernetes and/or Openshift.
• Experience with SAST (static application security testing), DAST (dynamic application security testing) and IAST (interactive application security testing) tooling.
• Strong knowledge of OWASP practices
• Knowledge of authentication protocols such as OAuth, OpenID Connect, SAML and PKI.
3. Skills
• Have ability to read and understand the professional documents in English.
• Strong interpersonal and communication skill
• Be able to catch up and manage works quickly and effectively
• Be able to work independently with high pressure, good in teamwork
• Careful, responsible, and secure in protecting information/data belong to Bank
• Good knowledge of risk management principles, methodology and practice
• Preferred Fluent in English
4. Relevant Experience
• Stakeholder expectation management
• People Management
• Risk Management
• Budget Management
QUYỀN LỢI:
• Competitive salary
• 13th month bonus, Performance bonus, holiday & training
• Education benefits: The bank training institute will monthly send a list of courses for employees to choose their suitable course. Therefore, you can self-registration due to your job requirements
• Insurance: Insurance under labor law + private insurance for individuals. Premium employees are entitled to insurance for their relatives
• Able to have annual travel allowance
• Get monthly phone allowance and gasoline allowance
• Have opportunity to participate in many great events
• Working under energetic, friendly environment and good chances to develop your career