Viet Capital Securities (VCSC)

Overview of job

Our growing company is searching for experienced candidates for the position of DevSecOps Engineer. To join our growing team, please review the list of responsibilities and requirements. DevSecOps Engineer will be responsible for driving the secure automation of building, testing, and deployment for both applications and infrastructure in the context of information security projects.

Key Responsibilities:

• Provide security techniques and expertise to ensure the infrastructure and software services meet specific customer security requirements/certifications
• Collaborate with members of the team and product owners to solve operational issues and develop enhancements such as automation.
• Ensure applications stay compliant by integrating application and SecDevOps processes and CI/CD pipelines from early stages of the lifecycle.
• Collaborate with team members on continuous improvement to both the Security DevOps pipelines and processes, and to the Information Security tools, services, and processes.
• Understand technical and business requirements to develop tactical and strategic roadmaps to address and implement Secure SDLC controls (Data Privacy, SAST, DAST, etc.).

Benefits:

• Working time: 5 days/week (Monday to Friday).
• Opportunity for promotion and career development.
• Competitive Income.
• Attractive Bonuses Policy (up to 8 months salary bonus in the end of the year).
• Compulsory Insurances full salary (Social Insurance, Health Insurance, Unemployment Insurance) based on the Labor Code and PVI premium health Insurance based on the Company's regulations.
• 11 Public holidays based on the Labor Code, 15-20 days annual leave based on the Company's regulation, 5-year-employee has 1 more annual leave day.
• Company Team Building Trip every year.
• Participate in other Company activities: Sports, Family Day, Children's Day.
• Training sponsorship programs: Securities certificates, Soft skills, Technical skills.
• Professional and dynamic working environment.

Work Place:

• Viet Capital Securities Joint Stock Company: Floor 15, Bitexco Financial Tower, 02 Hai Trieu Street, District 1, HCMC.

• Bachelor’s Degree in information security, computer science.
• Experience working in an Agile, DevOps/SecDevOps environment.
• 3+ years of experience working in software engineering role.
• 2+ years of experience working in a Security role handling on premise and cloud infrastructures.
• Experience with security testing at scale by building and implementing static and dynamic analysis tools, integrating security into CI/CD workflows for everyday deployments.
• Minimum 3 years’ experience with Authentication and Authorization solutions.
• Experience with static code analysis for software or infrastructure as code, including SonarQube,Terraform.
• Experience with vulnerability scanners, including Tenable Nessus, Qualys, …
• Understanding of secure software development practices - AppSec - Security and/or regulatory experience desired, OWASP 10 and Web Application Security, Mobile Application Security, API Security. 
• Good knowledge of threat modeling, risk assessment techniques, code reviews, and with the latest security best practices.
• Require good knowledge of CI/CD tools - Knowledge of GitLab CI/CD, Seleneoid, JMeter, SoapUI, JUnit. ​ 
• Require good knowledge in automatic configuration management tool - Knowledge of Ansible, Terraform. 
• Require good knowledge of automated security tools - SAST, SCA, DAST, IAST. 
• Good knowledge of containers and orchestration platforms. Need to know how to create, build, deploy and manage containers in development and production environments - Docker, Kubernetes.
• Patterns/ Principles - Blue/Green Deployment - Canary Release, Feature Flipping. 
• IDE: Eclipse, Visual Studio. 
• Public Cloud services knowledge: AWS, Digital Ocean.
• Knowledge of Logging & Monitoring tools: ELK, Grafana, DataDog, Prometheus.
• Experience in developing integration APIs and WebServices (REST/SOAP), API Development Experience, Knowledge of API Security.
• Good English communication.