Application Security Engineer

Mức lương

Thương lượng

Kinh nghiệm

3 năm

Hạn nộp hồ sơ

19/04/2025

Địa điểm

Hà Nội

Mô tả công việc

Cốc Cốc is looking for a Security Engineer who can lead security initiatives while also providing hands-on expertise in security engineering. This role requires a unique blend of project management skills to drive security projects from planning to execution, as well as technical security expertise to assess risks, implement security controls, and work closely with development and infrastructure teams.

Responsibilities

Project Management

• Lead and coordinate security-related projects, ensuring they are delivered on time and within scope.
• Work with cross-functional teams (Engineering, DevOps, IT) to define security requirements and implementation plans.
• Develop and maintain project documentation, including road maps, risk assessments, and progress reports.
• Track project progress using Agile or other project management methodologies.
• Communicate security project updates and challenges to stakeholders.

Security Engineering

• Assess and improve the security posture of Cốc Cốc’s applications, infrastructure, and cloud environments.
• Perform security reviews, threat modeling, and vulnerability assessments.
• Collaborate with developers and DevOps teams to integrate security best practices into the software development life cycle (SDLC).
• Implement and manage security tools for monitoring, incident response, and compliance.
• Assist in security incident response, root cause analysis, and remediation efforts.

Yêu cầu ứng viên

Required:

• Experience: 3+ years in security engineering, with exposure to project management OR 3+ years in project management with a strong security background.
• Experience leading security-related projects.
• Knowledge of Agile, Scrum, or other project management methodologies.
• Ability to coordinate multiple teams and manage time lines effectively.
• Strong understanding of security principles, OWASP Top 10, network security, and cloud security.
• Familiarity with security tools such as vulnerability scanners, SIEMs, firewalls, and IDS/IPS.
• Experience with scripting languages (Python, Bash, or PowerShell) for automation is a plus.
• Knowledge of compliance frameworks (ISO 27001, SOC 2, GDPR) is a plus.

Preferred:

• Project management certification (PMP, PRINCE2, CSM) is a plus.
• Security certifications (CISSP, CISM, CEH, OSCP) are a plus.
• Experience working in a DevSecOps environment.

Quyền lợi/Phúc lợi

Competitive benefits:

• Competitive salary and bonus scheme with a 13th month salary.
• Performance review twice/year with opportunity to grow or rotate internally.
• Special annual leave policy with minimum 19 days/year, plus 1 day off on your birthday.
• Annual WFH policy.
• Advanced 24/7 Health Insurance for all employees.
• Great Trade Union benefits such as birthdays, marriage, new born child...

Professional growth:

• Opportunities to learn and grow through regular training programs, coaching and internal sharing.
• Work in a diverse environment with talented colleagues and partners/customers, local and expats.

Positive workplace:

• Different exciting internal events to make you part of the Cốc Cốc family.
• Cozy pantry with plenty of snacks, juice and coffee/tea every day.
• Many interesting hobby clubs to share your passions like English Club, Yoga, Billard or Football.

Thời gian làm việc

• Thứ 2 - Thứ 6 (từ 09:00 đến 18:00)

Địa điểm làm việc

• 8th Floor, ICON4 Multi-purpose Building, 243A De La Thanh Street, Lang Thuong Ward, Quận Đống Đa, Thành phố Hà Nội