VPBank

MÔ TẢ CÔNG VIỆC

1. Vulnerability assessment and penetration testing program and responsible for the design and performance of application security robustness tests.

Develop/implement/trainning/apply security by design framework to Bank Security controls end to end for projects/CR make sure new services & system is safe before golive Supporting Vendor Security activities to ensure 3rd‐party software and development meets Bank security standards. Deliver the annual penetration testing schedule and conducting awareness campaigns to ensure proper budgeting by business lines for annual tests Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices Automate penetration and other security testing on networks, systems and applications Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators Trial attacks & incident response Research/develop new security standards/technique guidle and apply to bank Operate security technologies, control security changes/ensuring the safety of information technology systems Continuously improve security controls in the software development process 2. Implement security program to security development

Participation with key technicque in security projects, security solutions requires a very high of expertise skill Consulting for the project to resolve arising problems, beyond the technical scope 3. Develop/implement/apply security by design to Projects

Develop/implement/trainning/apply security by design framework to Bank Security controls end to end for projects/CR make sure new services & system is safe before golive Supporting Vendor Security activities to ensure 3rd‐party software and development meets Bank security standards. YÊU CẦU CÔNG VIỆC 1.Trình độ đào tạo

    Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum)

2. Kiến thức/ Chuyên môn cần có

 5 years or more of working experience in IT security banking, good knowledge international IT security standards (ISO 270001, PCI-DSS,…), ITIL

Have good knowledge about: network security, system security, application security and virus/malwares, secure coding, cloud, devsecops Expert with architect, security technology, integration Have good knowledge with pen test with OWSAP Standard and ability discovery & exploit vulnerabilities, cyber attack Good using some tools for hacking: VA, APPScan, Metaexploit, kalilinux Experienced in implementing ISO27000/PCI-DSS is preferred Have good knowledge with secure coding with some languages: Python, Shell, PHP and have good knowledge with encryption, cryptography techniques 3. Các kỹ năng/ Skills cần có

Have ability to read and understand the professional documents in English.
Strong interpersonal and communication skill Be able to catch up and manage works quickly and effectively Be able to work independently with high pressure, good in teamwork Careful, responsible, and secure in protecting information/data belong to Bank Good knowledge of risk management principles, methodology and practice
Preferred Fluent in English
4. Các kinh nghiệm liên quan/ Relevant Experience

Stakeholder expectation management / Quản lý kỳ vọng của các bên liên quan, các bên thụ hưởng.. People Management / Quản lý con người, nhân sự. Risk Management / Quản lý rủi ro Budget Management / Quản lý ngân sách 5. Các năng lực liên quan khác

Strong Logical Thinker and Planner Management, Leading ability / Năng lực quản lý và khả năng lãnh đạo. Implementation and Deliver ability / Năng lực thực hiện và chuyển giao.