Back to search
Galaxy FinX Linkedin · Posted 19d ago

Senior/Lead Security Engineer

Ho Chi Minh City

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

FinX aims to build a digital banking product that will deliver on the promise of simplicity, technological advancement, and superior customer products & services for millions of people in Vietnam.

Responsibilities:

  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
  • Review and validate automated testing results and prioritize actions that resolve issues based on overall risk. Perform application security tests using binary analysis.
  • Perform manual source code review for security vulnerabilities. Analyze source code to mitigate identified weaknesses and vulnerabilities within the system.
  • Identify opportunities to automate and standardize information security controls and for the supported groups. Participate in conference calls with engineering team to ensure proper scan coverage and effective results.
  • Write formal security assessment report for each application, using our company's standard reporting format.
  • Direct the development and delivery of secure solutions by coordinating with business and technical contacts. Collaborate with application teams to ensure that any identified security vulnerabilities are remediated in a timely manner.
  • Manage and execute security assessments for multiple projects simultaneously and ensure project timelines are met.
  • Research and explore new testing tools and methodologies. Act as a mentor to the junior team members.
  • Actively participate in research and knowledge sharing discussions with broader Vulnerability Assessments organization. Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions.
  • Appropriately assess risk when business decisions are made, demonstrating consideration for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
  • Compliance with PCI DSS requirements

Qualifications:

  • At least 3 years of relevant experience in web development, source code review, or application security testing.
  • Basic understanding of application security and associated vulnerabilities
  • Development background in Java/J2EE, C#, .NET in an enterprise environment
  • Development experience with modern JavaScript frameworks, Python, JSON, Lambda
  • Good understanding of the Software Development Life Cycle – including unit testing, code scanning
  • Experience using ALM and CICD tools like Bitbucket, TFS, Jenkins, udeploy, BMC RLM or related tools in an agile methodology.
  • Familiarity with static analysis (source code review) and application pen-testing techniques
  • Experience using commercial enterprise automated security testing tools such as Checkmarx, Snyk, AppScan Source, Fortify, Veracode, Blackduck, Sonatype, Contrast, Seeker is a plus.
  • Knowledge with mobile platforms and languages including Android, Kotlin, Objective-C, Swift is a plus.
  • Experience using or testing cloud platforms (AWS, Google, Azure, etc.) is a plus.
  • Proven influencing and relationship management skills.
  • Consistently demonstrates clear and concise written and verbal communication.
  • Professional certifications, such as CISSP, CSSLP, GIAC, CEH, or willingness to obtain.

Education:

  • Bachelor’s degree in technology, Computer Science, Engineering, or related field
  • Master’s degree is a plus.

Location: PV Gas Tower, 673 Nguyen Huu Tho, Phuoc Kien Ward, Nha Be District, HCMC, Vietnam

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent