We are seeking an experienced and passionate DevSecOps Engineer who can champion the effort to expand the use of DevSecOps for the company. As world around us changes the company is responding in a safe and secure way. Your role in this transformation will be to use the latest tooling and techniques to ensure we have the capability to build and maintain applications security within our environments.

As a DevSecOps engineer, you will provide leadership in the DevSecOps areas of Vulnerability Scanning, Certificate Management, Password Policy Management, Data Analysis of security monitoring outputs, coordination of Remediation Patching, and other daily Security and Compliance efforts. Additionally, you will assist in developing an automated security framework for robust deployment tools and processes, leveraging various scripting languages and open-source solutions.

Responsibilities

• Design and implement secure automation solutions for development, testing, and production environments
• Collaborate with Product Management and Architects to contribute to the roadmaps of Cloud Platform
• Maintains extensive knowledge of state-of-the-art principles, theories, and practices around all things software-related. Identifies and recommends long-term technologies of relevant company interest and proposes long-term development strategy on cutting-edge trends and developments in area of expertise.
• Implement security best practices and configuration management
• Employ infrastructure as code paradigm to increase automation, scalability, and reliability
• Perform technology watch related to industry trends and, best practices.
• Familiarity with Security Management tools.
• Experience with security automation and machine learning.

Qualification and Requirements

• Demonstrable experience and knowledge of working with DevSecOps technologies across multiple platforms.
• Bachelor’s Degree in Computer Science or related field.
• Prior experience (3-5 years) in a Production Engineering or related position.
• Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization.
• Experience coordinating and performing vulnerability assessments through the use of automated and manual tools
• Ability to review and analyze vulnerability data to identify security risks to the organization’s network, infrastructure, and application’s and determine any reported vulnerabilities that are false positives.
• Capability to prepare security vulnerability and risk management reports for management.
• Leadership and Teaming skills to coordinate remediation of vulnerabilities within established timeframes.
• Proficiency in Java and other scripting languages.
• Familiarity with Information Security frameworks/standards.
• Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
• Experience configuring, implementing and leveraging computer security and networking diagnostic/monitoring tools.
• Knowledge of Windows and Linux patch management and related information security functions
• Ability to work with APIs and Plugins to integrate security tools into established CI/CD pipelines

Benefits

• Working time from Monday to Friday (Flexible working time and hybrid policy)
• Attractive income (base salary & performance bonus) in Viet Nam fintech markets
• 20 days of annual leave, 10 days of sick leave and public holidays.
• Devices provided (Macbook, mouse, monitor…)