Security Engineer

What You’ll Be Doing

• Act as the Security Champion for the organization, promote awareness, alignment, and adoption of secure development practices across engineering teams.
• Lead security design reviews and advise engineering teams on best practices for building secure, privacy-conscious solutions.
• Conduct internal security audits, lead awareness initiatives, and deliver training to ensure compliance with company security policies.
• Manage Mobile Device Management (MDM) and various SaaS platforms to maintain secure and compliant environments.
• Enforce a Secure Software Development Lifecycle (SSDLC) within development teams.
• Support ISO 27001 readiness and ongoing compliance efforts by collaborating with leadership and cross-functional teams to implement required controls.
• Provide ad-hoc security guidance for client projects when needed, focusing on frameworks, reviews, and process alignment rather than daily delivery.

Requirements

Must Have

• Minimum of 3 years of experience in a Security Engineer role.
• Strong understanding of security and compliance principles across both development and cloud environments.
• Familiarity with secure development standards and frameworks, including:
• OWASP Top 10 and common threat modeling methodologies
• ISO 27001:2022 security controls
• Secure Software Development Lifecycle (SSDLC) principles
• Experience in supporting internal compliance efforts, conducting internal audits, and aligning teams with policy requirements.
• Knowledge of industry standards and regulations such as ISO 27001, SOC 2, GDPR, CSA (Cloud Security Alliance), HIPAA, and PCI-DSS.
• Excellent written and verbal communication skills in English.

Nice to Have

• Experience ensuring compliance with data privacy laws such as CCPA, HIPAA, and GDPR.
• Knowledge of client-facing security requirements and defining security compliance processes per project.
• Hands-on experience with vulnerability scanning tools (e.g., Nessus, OpenVAS) and strong skills in analyzing scanning reports.
• Understanding of cloud technologies (AWS, Azure, and GCP)
• Familiar with working with API designing standards and databases such as: GraphQL, RestAPI, Postgres, MySQL, Kafka,..
• Understanding and working knowledge of Cloud-native application security concepts.

Benefits

• Three days remote every week and four full remote weeks per year.
• Gold level Health Insurance coverage from Bao Viet Insurance, a yearly complete Health Check and social insurance
• All office benefits and full salary during probation.
• Flexible working time starting anytime up to 10 AM working Monday - Friday with no overtime and a long lunch break.
• Allowance for everything: meals, parking, petrol, along with unlimited snacks and nice coffee every day.
• Choose from a brand-new Mac or PC device.
• Salary review twice a year with opportunities for promotions and spot awards.
• 12 days annual leave per year, with all days not taken paid out in cash, plus 2 sick leave days..
• Yearly Training Budget up to 5 million VND per staff. On top of that, Professional coaching program, buddy system, tech talks, agile sessions, and 1on1 private English classes are available
• Yearly company trip, monthly activities, , and other Celebrations for special days in the year, such as Women’s Day, YEP, and Christmas.
• Employee-led clubs within the company; games teams, sports teams, etc.
• Modern open-space office with comfortable workspace, a PS4 games room, and chill-out areas.