Senior DevSecOps Engineer

AWS Software Development Azure GCP

Salary

Negotiable

Location

Ho Chi Minh

Job Overview And Responsibility

- Conduct manual and automated secure source code reviews in platforms such as Kotlin, Node.js, Android, iOS, and Python. - Perform mobile application penetration testing to identify and remediate vulnerabilities in Android and iOS apps. - Perform penetration testing on APIs, GraphQLs, and web interfaces to uncover and mitigate risks. - Conduct threat modelling and establish threat profiles to identify, quantify, and mitigate application security risks. - Collaborate with development, infrastructure, and networking teams to deliver secure application solutions. - Review and secure mobile and web APIs (REST, SOAP), ensuring proper SSL/TLS implementation. - Integrate security testing into CI/CD pipelines using tools such as GitHub Actions. - Use SAST/SCA/DAST tools to identify and remediate vulnerabilities. - Apply industry best practices including OWASP Top 10 for web, mobile, APIs, and OWASP ASVS. - Contribute to the development and enforcement of internal application security standards and policies. - Stay current with emerging threats, vulnerabilities, and security technologies, including AI-related security risks and defences. - Perform and automate BAU application security, offensive security, and vulnerability management tasks.

Required Skills and Experience

- At least 8 years of experience in software development, application security, and cloud platforms (AWS, Azure, GCP). - Hands-on experience in mobile, web, and API penetration testing using tools such as Burp Suite, MobSF, Frida, etc. - Proficiency in at least one programming language (e.g., Java, Kotlin, JavaScript, Python) and scripting (e.g., Bash, PowerShell). - Strong understanding of secure coding practices and code review methodologies. - Experience with threat modelling frameworks (e.g., STRIDE, DREAD). - Familiarity with Agile and DevOps environments. - Experience with SAST/SCA/DAST tools and integrating them into CI/CD workflows. - Solid grasp of API security and cryptographic protocols. - Knowledge of OWASP standards and secure SDLC practices.

Why Candidate should apply this position

- Benefits will be shared in details for successful candidates

Preferred skills and experiences

- Experience with AI/ML application security (prompt injection, model abuse, red teaming). - Certifications such as OSCP, CSSLP, AWS/Azure Security Engineer Associate, or equivalent. - Experience with container security and infrastructure-as-code scanning.