Senior IT Security Officer (Pentest area)
Job Description
Tooling & Automation: Utilize and maintain penetration testing tools (Burp Suite, Metasploit, Kali Linux, etc.) and develop custom scripts for advanced testing.
Vulnerability Assessment: Identify, analyze, and prioritize vulnerabilities; provide actionable recommendations for remediation.
Penetration Testing: Plan, execute, and document penetration tests on web applications, networks, APIs, mobile apps, and cloud environments.
Data Protection: Ensure testing activities do not compromise sensitive data or violate privacy regulations.
Research, propose, and implement new security technologies to improve security assessment and protection of IT systems.
Continuous Improvement: Stay updated on emerging threats, exploit techniques, and security technologies; contribute to internal knowledge sharing and training.
Compliance & Standards: Ensure testing aligns with industry frameworks (OWASP, ISO 27001, PCI DSS...) and regulatory requirements.
Collaboration: Work closely with security architects, SOC teams, and developers to address vulnerabilities and improve secure coding practices.
Exploit Development: Simulate real-world attack scenarios to validate security controls and uncover potential weaknesses.
Reporting & Documentation: Prepare detailed reports outlining findings, risk impact, and recommended mitigations for technical and non-technical stakeholders.
Perform other tasks as assigned by management.
Red Team Engagements: Participate in or lead red team exercises to test organizational resilience against advanced threats.
Provide training and enhance cybersecurity awareness within the organization.
Job Requirements
Education: Bachelor's degree in Computer Science, Information Security, or related field.
Technical Knowledge:
- Strong knowledge of network protocols, web application security, cloud environments, and secure coding principles...
- Proficiency in at least one programming language (PHP, Python, C/C++, Java) and understanding of Software Development Life Cycle (SDLC).
Experience:
- Reviewing security requirements in BRD and business processes before system development.
- Identifying and assessing vulnerabilities in IT systems.
- Security standards such as PCI DSS, OWASP, and cybersecurity attack techniques.
- Security testing for Web, API, Mobile, Winform Applications, Network, Infrastructure, and OS.
IT Proficiency:
- Information gathering, vulnerability scanning, and security exploitation tools.
- Proficiency with penetration testing tools and scripting languages (Python, Bash, PowerShell).
Skills:
- Risk management skills.
- Analytical and problem-solving abilities.
- Effective communication and presentation skills.
- Understanding of exploit development, reverse engineering, and threat modeling.
- Documentation and report writing skills.
Preferred Qualifications: Security certifications such as GPEN, LPT, CEH, OSCP, GWAPT or equivalent penetration testing certifications. Candidates with CVEs or contributions to cybersecurity projects are highly preferred.
Experience: Minimum of 2 years of experience in penetration testing or ethical hacking roles for web applications, mobile applications, server systems, and network devices.
Benefits
Insurance, Allowances, Uniform, Bonus scheme, Health care, Training, Salary increases, Seniority allowance, Annual leave
Last updated at: 2026-03-07 19:15:02












