Dai-ichi Life Vietnam

Tóm tắt công việc

We are looking for an Application Security professional with strong expertise in Threat Modelling and Secure Design to help embed security into the application development lifecycle. 

This role works closely with development, architecture, and business teams to identify security risks early and ensure applications are designed securely and in compliance with DLVN standards.

KEY RESPONSILBILITIES 

Threat Modelling (35%): 

• Lead threat modelling sessions with development and business teams
• Apply methodologies such as STRIDE and PASTA
• Document threats, risks, and mitigation plans

Secure Design (30%):

• Provide security input during application and API design reviews
• Define and promote reusable secure design patterns
• Support developers in integrating security controls early

Collaboration & Enablement (20%):

• Work with Agile teams to embed security requirements
• Deliver training/workshops on secure design and threat awareness
• Communicate security risks clearly to both technical and business stakeholders

Governance & Compliance (15%):

• Ensure threat modelling aligns with SSDLC checkpoints
• Support audits and compliance documentation
• Contribute to improving Application Lifecycle Management and Technology Standards policies.

• Salary for 13th month, Bonus & Special Bonus
• Full of social welfare under Vietnamese Labor Law (Insurance, annual leave, ...)
• Healthcare for yourself & Your Family
• Annual travel and team building activities
• 15-16 annual leave days
• Company will buy Life Insurance Contract for yourself after 1 year working
• Training: Trained in soft and technical skills
• International, challenging, and friendly working environment

• Bachelor’s degree in IT, Computer Science, or related field
• 4+ years of experience in application security or secure architecture
• Hands-on experience with threat modelling (STRIDE, PASTA, etc.)
• Strong knowledge of OWASP Top 10 and modern application architectures (APIs, microservices, cloud)
• Excellent communication and facilitation skills
• Experience in DevSecOps environments
• Knowledge of cloud security (Azure/AWS/GCP)
• Security certifications (CISSP, CSSLP, etc.)
• Good command of spoken and written English