Tiki.vn

Overview of job

About the Role

As a Security Engineer, you will help identify and address security weaknesses across our applications, systems, and cloud infrastructure.

You'll focus on penetration testing, vulnerability assessments, and developing tools to automate security testing — ensuring our platform remains resilient against evolving threats.

What you’ll do

1. Application Security & SDLC

• Assist in integrating AppSec tools into CI/CD (SAST, SCA, DAST, secret scanning, dependency checks).
• Implement lightweight automation to improve developer security feedback loops (shift-left).
• Support secure code review and help maintain application security guidelines.
• Participate in threat modeling sessions and identify security gaps in new features.

2. Security Automation & Tooling

• Design and develop automated tools/scripts supporting AppSec workflows (e.g., scanning orchestration, auto-reporting, API security checks).
• Build automation to support pentesting tasks: 
  •  Recon automation
  •  Endpoint/parameter discovery
  •  Fuzzing helpers
  •  Log & traffic analyzers
• Familiarity with open-source security tools and prototype enhancements for internal use.

3. Pentesting & Vulnerability Analysis

• Conduct penetration testing on web apps, APIs, and cloud-based systems.
• Assist in vulnerability assessments, reproduce findings, and coordinate remediation.
• Monitor emerging techniques and contribute ideas to improve testing methodologies.

Inside our lean engineering team:

• We work on large and complex systems, with a focus on ownership and continuous learning.
• We work within existing constraints and improve systems incrementally.
• We value strong fundamentals and the ability to reason through unfamiliar or complex systems.
• Collaboration is direct, and discussions focus on solving problems and delivering results.

Our offers include: 

• MacBook provided
• Full salary insurance & health care insurance
• Annual leave & wellness leave 
• Annual health check-up 

Must-Have

• Clear interest and long-term orientation toward Application Security.
• 2+ year of experience in penetration testing, vulnerability analysis, or code-level audits
• Familiarity with OWASP, static/dynamic analysis tools, and common security testing utilities
• Experience identifying security risks throughout the SDLC
• Programming skills in Python, Golang, or Java
• Solid understanding of secure coding practices, access control, and common vulnerabilities
• Prior experience (project, lab, personal tool) in building automated tools for security testing or AppSec workflows.

Nice-to-Have

• Experience writing modules, plugins, or scripts for tools like Burp Suite, ZAP, Semgrep, Nuclei, etc.
• GitHub projects or personal tools showcasing AppSec automation work.
• Knowledge of container security (Docker, Kubernetes).
• Knowledge of cloud environments (GCP/AWS/Azure).
• Exposure to threat modeling frameworks (STRIDE).