AppSec (DevOps/DevSecOps) Engineer
Job Description
Job Summary
We are seeking an AppSec/DevSecOps Engineer to help establish and mature our application security and secure development practices. This role will initially focus on standardizing our DevOps pipelines and progressively integrate security into every stage of the software lifecycle. The engineer will support secure software design, application security testing, and developer enablement programs, with the long-term goal of leading our AppSec capability.
Key Responsibilities
- Developer Training & Security Champions: Deliver secure coding training, support the Security Champions program, and promote security awareness among developers.
- DevOps Standardization: Streamline and standardize the company’s CI/CD pipelines for cybersecurity projects, preparing the foundation for DevSecOps integration.
- Framework & Maturity Models: Contribute to the adoption of industry standards and frameworks such as OWASP SAMM for measuring and improving software assurance maturity.
- Secure SDLC Integration: Embed security controls and checks into software development workflows, from design to deployment.
- Security by Design: Collaborate with architects and product teams to ensure applications are designed with security principles in mind (Threat Modeling, Secure Design Review, Security Requirement).
- Application Security Testing: Implement and maintain SAST, DAST, SCA, and other testing tools within pipelines; triage and coordinate fixes with developers.
- Continuous Improvement: Proactively recommend enhancements to DevSecOps tools, processes, and policies to improve resilience and efficiency.
***About Concung.com
- Working time: 8:30-17:30, Monday-Friday
- Working place: 5th Floor, Con Cưng Super Center, 09 Nguyen Trai Street, Ben Thanh Ward, Dist. 1, HCMC
Job Requirements
We are looking for a highly motivated person with:
- Strong critical thinking and analytical skills
- 2-3+ years of experience with DevOps practices (CI/CD, containerization, cloud-native deployment).
- Can-do attitude, gets things done
- Familiarity with application security testing tools (SAST, DAST, SCA, dependency scanning).
- Experience with DevSecOps integration in modern pipelines (GitLab CI, Jenkins, GitHub Actions, etc.).
- Strong scripting/automation skills (Python, Bash, or similar).
- A proactive attitude & the ability to think outside of the box
- Excellent collaboration and communication skills, with the ability to work closely with developers, architects, and operations teams.
- Works in an organised, structured manner
- Knowledge of secure software development practices (threat modeling, secure design principles, OWASP Top 10).
- Excellent communication skills with diverse audiences
Nice-to-have:
- Familiarity with infrastructure as code security (Terraform, Kubernetes, Helm).
- Cloud security knowledge (AWS, Azure, GCP).
- Experience delivering developer training or mentoring Security Champions.
- Exposure to security frameworks such as OWASP SAMM, BSIMM, or NIST SSDF.
- English communication.
***Benefit
- Fast promotion opportunities based on personal ability
- Regular training, company team building, birthday bonus
- Annual bonus: 2-3 months under minimum KPI requirement
- Work in a dynamic, open, creative environment
Benefits
Insurance, Travel, Allowances, Bonuses, Healthcare, Training, Salary increases, Business travel expenses, Annual leave
Last updated: 2026-01-16 14:00:04










