Job description

A. Job Objectives

Participate in the implementation, operation, and control of application and data-related security activities to ensure compliance with internal regulations and legal requirements, and to minimize the risk of data leaks and security vulnerabilities.

B. Main Responsibilities

1. Information Security Assessment

• Conduct security assessments for information systems according to plan

• Review security configurations and access control

• Monitor vulnerability remediation and non-compliance issues

2. Application Security

• Participate in the security process in the SDLC: Review security requirements, support secure coding, perform SAST/DAST/SCA testing, conduct pre-golive information security assessments, coordinate with Dev, QA, and Infrastructure to address vulnerabilities

• Manage the operation of application security systems: Mobile Security, SAST, DAST

3. DLP System Operation

• Monitor alerts and handle DLP events

• Refine rules/policies

• Analyze data leakage cases

• Prepare periodic reports

• Data Classification & Protection: Participate in building and implementing data classification, label data according to regulations, propose appropriate protection measures for each classification level Type

4. Database Security

• Monitoring and operating the Database Firewall/DAM system

• Tracking unusual database access

• Reviewing database access rights

5. Reporting & Compliance

• Preparing periodic or ad-hoc operational reports as required.

• Assisting in providing documentation for audits/inspectors.

Job requirements

- Bachelor's degree in IT or related fields, with >2 years of experience in security, preferably candidates with experience in similar fields (Application Security, DLP, Database Security)

- Language: Conversational English, ability to read and understand technical documents.

- Basic knowledge of:

• Operating systems, networks, TCP/IP, network security systems, intrusion detection and prevention systems, and systems related to information security.

• Application Security: OWASP Top 10, Secure SDLC, Security Testing (SAST/DAST is an advantage)

• Data Protection: Data classification, Data Loss Prevention (DLP), Data access control

• Databases: Popular database management systems (Oracle / SQL Server / MySQL…), Concepts of permissions and database audit

• Certifications: Candidates with the following certifications are preferred: CEH, CompTIA Security+/Pentest+, eJPT / PNPT, OSCP, CSSLP…

Contact Information:

Interested candidates, please send your Employee’s information with attached photo (Click here) to:

Ms. Trinh - Recruitment Team

HR Management and Development Department.

97A Nguyen Van Troi, Phu Nhuan Ward, HCMC.

Tel: (84-028) 3942 1042 - Ext. 5589                    

Email: tuyendung@indovinabank.com.vn

Website: http://www.indovinabank.com.vn

P/S:  Only qualified candidates shall be contacted for interview. Candidates’ CVs will not be returned!