JOB DESCRIPTION
- Conduct security audits and penetration testing on all web application projects we implement for our clients to ensure there are no security risks before production release
- Perform vulnerability assessments, security code reviews, and threat modeling across all client projects
- Collaborate with development teams to remediate identified security issues and provide secure coding guidance
- Document findings in detailed security audit reports with reproducible steps and recommended fixes
- Support the manager in building, maintaining, and improving internal security testing checklists, tools, and processes
- Research and keep up-to-date with the latest security threats, CVEs, and best practices
- Support pre-release security sign-off as part of the production release process
JOB REQUIREMENTS
MUST HAVE SKILLS:
- 1-3 years of experience in application security, penetration testing, or security engineering (Junior to Middle level)
- Solid understanding of OWASP Top 10 and common web application vulnerabilities (SQLi, XSS, CSRF, SSRF, IDOR, authentication and session flaws, insecure deserialization)
- Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Nmap, sqlmap, Metasploit
- Ability to perform manual penetration testing of web applications and REST APIs (black-box and grey-box)
- Good understanding of authentication, authorization, encryption (TLS, hashing, JWT), and secure coding principles
- Ability to write clear, actionable security audit reports in English
- Strong analytical and problem-solving skills, ownership mindset
NICE TO HAVE:
- Security certifications such as CEH, eJPT, eWPT, OSCP, or CompTIA Security+
- CTF participation, bug bounty experience, or public CVE disclosures
- Experience with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes)
- Knowledge of DevSecOps and CI/CD security integration (SAST, DAST, SCA tools)
- Familiarity with mobile application security testing (iOS / Android)
- Scripting skills in Python or Bash for security automation
- Experience working in an outsourcing / ODC model with international clients
Skills Tags: Security, Penetration Testing, OWASP, Burp Suite, Web Application Security, Vulnerability Assessment
BENEFITS
Competitive Salary and Brilliant Health Benefits
- Attractive salary (13th-month salary, salary review twice/year) and project bonus
- Bonus programs for candidate referral, technical article writing
- Allowance for sickness, maternity, paternity and periodic health examination
- PVI health care program
- Staff of the quarter and staff of the year rewards
Progressive and Fun Working Environment
- A professional English-speaking working environment with an Agile – Scrum model
- Hybrid Working Model: Flexible working time and WFH support.
- Friendly, open-minded, young and supportive colleagues
- Annual company trip, regular team-building parties, holiday celebrations (Christmas, birthdays, Mid-Autumn, ...), and sports clubs (football, badminton, swimming, ...)
Valuable Training
- Sponsored examination fees for professional certificates (AWS, Azure, IELTS, PMP, Scrum Master, ...)
- Sponsored fees for joining any technical training sessions and courses
- Free English workshops