Senior DevSecOps Engineer

AWS Software Development Azure GCP

Company

GFT Group

Gross salary
Negotiable
Location
Ho Chi Minh
Vacancies
1 person(s)

Job overview and responsibilities

- Conduct manual and automated secure source code reviews in platforms such as Kotlin, Node.js, Android, iOS, and Python.
- Perform mobile application penetration testing to identify and remediate vulnerabilities in Android and iOS apps.
- Perform penetration testing on APIs, GraphQLs, and web interfaces to uncover and mitigate risks.
- Conduct threat modelling and establish threat profiles to identify, quantify, and mitigate application security risks.
- Collaborate with development, infrastructure, and networking teams to deliver secure application solutions.
- Review and secure mobile and web APIs (REST, SOAP), ensuring proper SSL/TLS implementation.
- Integrate security testing into CI/CD pipelines using tools such as GitHub Actions.
- Use SAST/SCA/DAST tools to identify and remediate vulnerabilities.
- Apply industry best practices including OWASP Top 10 for web, mobile, APIs, and OWASP ASVS.
- Contribute to the development and enforcement of internal application security standards and policies.
- Stay current with emerging threats, vulnerabilities, and security technologies, including AI-related security risks and defences.
- Perform and automate BAU application security, offensive security, and vulnerability management tasks.

Minimum skills and experience

- At least 8 years of experience in software development, application security, and cloud platforms (AWS, Azure, GCP).
- Hands-on experience in mobile, web, and API penetration testing using tools such as Burp Suite, MobSF, Frida, etc.
- Proficiency in at least one programming language (e.g., Java, Kotlin, JavaScript, Python) and scripting (e.g., Bash, PowerShell).
- Strong understanding of secure coding practices and code review methodologies.
- Experience with threat modelling frameworks (e.g., STRIDE, DREAD).
- Familiarity with Agile and DevOps environments.
- Experience with SAST/SCA/DAST tools and integrating them into CI/CD workflows.
- Solid grasp of API security and cryptographic protocols.
- Knowledge of OWASP standards and secure SDLC practices.

Why candidates should work here

- Benefits will be shared in detail with successful candidates.
