be Group

Overview of job

Application Security Engineer: (1 Headcount)

1. Penetration Testing and Vulnerability Assessment:

• Perform advanced penetration testing on web applications, mobile applications, networks, and IT infrastructure.
• Identify security vulnerabilities and assess their potential impact.
• Conduct manual and automated security testing.
• Simulate real-world attack scenarios to evaluate the effectiveness of existing security controls.

 2. Security Assessment and Reporting:

• Document and report vulnerabilities along with comprehensive risk assessments and remediation recommendations.
• Develop detailed and structured penetration testing reports for stakeholders.
• Provide post-assessment debriefings to management and technical teams.

 3. Security Tooling and Automation:

• Develop, maintain, and enhance automated security testing frameworks.
• Evaluate and implement new tools and technologies to improve penetration testing capabilities.

4. Research and Innovation:

• Keep abreast of emerging threats, vulnerabilities, and industry best practices.
• Develop and share knowledge on new attack vectors, techniques, and mitigation strategies.

5. Collaboration and Support:

• Work closely with PO, SRE, developers, and security teams to resolve identified vulnerabilities.
• Participate in incident response and forensic analysis when required.
• Assist in the development of security policies and procedures.

Operation Security Engineer: (1 Headcount)

1. Security Operations & Monitoring

• Implementation, Oversee and fine-tune SIEM (Security Information and Event Management) solutions to detect and respond to security incidents.
• Monitor network, endpoint, and cloud environments for vulnerabilities, threats, and anomalies.
• Investigate security alerts and take proactive steps to prevent potential breaches.
• Implement Security Orchestration, Automation, and Response (SOAR) tools to enhance incident response efficiency.

2. Threat Detection & Incident Response

• Lead incident response activities, including threat containment, eradication, and recovery.
• Conduct forensic investigations and root cause analysis on security incidents.
• Develop and maintain Incident Response Plans (IRP) and ensure team readiness for cyber-attacks.
• Collaborate with SOC teams to enhance threat intelligence capabilities.

3.  Vulnerability & Patch Management

• Regularly conduct vulnerability assessments and penetration testing on internal and external systems.
• Work with DevOps, IT, and product teams to remediate security weaknesses.
• Ensure timely patching and updates to reduce attack surface.

4. Security Hardening & Compliance

• Implement best practices for system hardening across Windows, Linux, cloud, and container environments.
• Enforce security configurations in line with NIST, ISO 27001, CIS Benchmarks, and other industry standards.
• Ensure compliance with Vietnamese cybersecurity regulations and global security frameworks.

5.  Cloud & Application Security

• Secure cloud-based environments (GCP, Azure) and ensure secure DevOps (DevSecOps) practices.
• Work closely with developers to integrate application security testing (SAST, DAST, IAST) into CI/CD pipelines.
• Conduct security architecture reviews to identify potential risks in new applications and systems.

Benefits

• 13th salary
• Social Insurance
• Medical healthcare
• Annual health check
• 15 days annual leave
• Transportation fee (BE's services)
• Performance bonus
• Holiday bonus
• Team Building and many engagement activities