IT Security & Compliance Specialist

UrBox has the widest network of clients in loyalty in Vietnam and provides loyalty & reward solutions to many big organizations in the aviation, banking, FMCG, Insurance, Real Estate industries and more.
UrBox is Vietnam’s leading digital gifting & loyalty platform that enables businesses to integrate their reward & loyalty programs with an ever- growing network of more than 350 brands & 20,000 accepted online and offline stores in Vietnam.
KEY RESPONSIBILITIES:
The IT Security & Compliance Specialist will be the guardian of UrBox’s technical integrity. You will lead the efforts to achieve PCI- DSS SAQ- D compliance, harden our PostgreSQL databases, and secure our MLOps pipelines. Your mission is to proactively identify vulnerabilities and architect robust fraud detection mechanisms across our operations.

MLOps Security: Integrate security checkpoints into the AI/ML lifecycle. Protect ML models and data pipelines from poisoning, inversion attacks, and unauthorized access.
Vulnerability Management: Perform regular VAPT (Web, Mobile, Cloud) and Secure Code Reviews to identify and mitigate risks early in the SDLC.
Fraud Detection & IR: Build automated monitoring systems (SIEM/IDS) to detect transaction fraud and operational anomalies. Lead the Incident Response team when breaches occur.
Database & Infrastructure Hardening: Secure PostgreSQL environments using RBAC, Row- Level Security (RLS), and audit logging. Ensure high- level encryption for sensitive data.
Compliance & Audit: Lead the technical implementation and documentation for PCI- DSS SAQ- D certification by Q1 2026. Conduct regular internal audits to ensure continuous compliance.

Experience: 3–5 years in Cyber Security, preferably in Fintech or E- commerce.
Database Expertise: Strong hands- on experience with PostgreSQL security configurations and performance monitoring from a security perspective.
Able to read and understand technical English documents and security standards.
Tools: Proficient with Burp Suite, Nessus, Metasploit, and SQL injection testing tools.
Graduated from University in Information Technology.
Compliance Knowledge: Deep understanding of PCI- DSS, ISO 27001, or SOC2 frameworks.
ML & Cloud Skills: Knowledge of securing AWS/GCP environments and MLOps frameworks. Experience with Docker/K8s security is a major plus.
Cyber Security, Information Security, Computer Science, Software Engineering, or equivalent.

Laptop, Chế độ bảo hiểm, Du Lịch, Phụ cấp, Chế độ thưởng, Chăm sóc sức khỏe, Đào tạo, Tăng lương, Công tác phí, Nghỉ phép năm

Cập nhật gần nhất lúc: 2026-02-15 19:15:02