Senior Security Engineer (Application Security)

CodeLink

Hai Chau, Da Nang
Permanent
Full-time

3 days ago
Apply easily

OverviewWe are looking for a Senior Security Engineer who will act as a security champion for project teams, helping identify potential security weaknesses and improve system security throughout the development lifecycle.This role focuses on working closely with developers, DevOps engineers, and project teams to review system designs, identify vulnerabilities, and provide practical security recommendations before and during project releases.Responsibilities1. Security Review & Risk Identification

Review project architectures, applications, and infrastructure to identify potential security risks.
Act with a red-team mindset to identify weaknesses before production releases.
Perform security assessments and vulnerability reviews on applications and cloud environments.

2. Security Design Review & Threat Modeling

Participate in security design reviews for new systems and major architectural changes.
Guide teams in performing threat modeling to identify potential attack scenarios.
Provide recommendations to improve authentication, access control, data protection, and system security.

3. Vulnerability Management & Security Improvement

Identify security vulnerabilities and work with Engineering and DevOps teams to resolve them.
Support teams in implementing security improvements across application code, infrastructure, and configuration.
Track remediation progress and ensure security issues are addressed.

4. Secure Development Practices

Promote secure development practices (Secure SDLC) within engineering teams.
Provide guidance on secure coding, secrets management, and secure system design.
Share security knowledge and practical best practices with developers.

5. Client Security & Compliance Support

Ensure project teams meet security and compliance requirements defined by clients.
Support project teams in responding to client security reviews.
Help ensure projects follow internal security policies and standards such as ISO27001.

Requirements

5+ years of experience in security engineering, application security, DevSecOps, or infrastructure security.
Strong understanding of application security principles and common vulnerabilities (OWASP Top 10).
Experience with cloud environments (AWS, GCP, or Azure).
Familiarity with:

Authentication and authorization mechanisms

Secure coding practices
Authentication and authorization
Encryption and secrets management
Network security concepts
Experience with security testing tools, vulnerability scanning, or penetration testing techniques is a plus.
Strong English communication skills (written and verbal).
Strong collaboration skills to work across multiple project teams.
Security certifications such as Security+, CISSP, CEH, or similar are a plus.

Benefits

Three days remote every week and four full remote weeks per year.

Gold level Health Insurance coverage from Bao Viet Insurance, a yearly complete Health Check and social insurance
All office benefits and full salary during probation.
Flexible working time starting anytime up to 10 AM working Monday - Friday with no overtime and a long lunch break.
Unlimited snacks and nice coffee every day.
Choose from a brand-new Mac or PC device.
Salary review twice a year with opportunities for promotions and spot awards.
12 days annual leave per year, with all days not taken paid out in cash, plus 2 sick leave days.
Yearly Training Budget up to 5 million VND per staff. On top of that, Professional coaching program, buddy system, tech talks, agile sessions, and 1on1 private English classes are available
Yearly company trip, monthly activities, and other Celebrations for special days in the year, such as Women’s Day, YEP, and Christmas.
Employee-led clubs within the company; games teams, sports teams, etc.
Modern open-space office with comfortable workspace, a PS5 games room, and chill-out areas.

CodeLink