Job Summary
Job description
Overview of job
• Identify, highlight and remediate information security risk in the Bank
• Comply with the Bank’s Information Security Policy, Regulations, Standards, and Process
• Provide feedback to enhance the current policies, regulations, standards and processes where necessary
• Communicate and ensure all staff understand and comply with the Information Security Policy, Regulations, Standards and Processes
• Help the organization evolve its application security functions and services
• Responsible for upholding code reviews across all code platforms
• Take charge of bug intake and remediation process for the organization
• Provide leadership for application vulnerability scanning and penetration testing remediation
• Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools
• Discover security exposures and develop mitigation plans, and also report and fix the technical debt
• Provide support to the Information Security Manager on all application security activities
• Represent the organization in Information Security programs
• Actively participate in security initiatives with minimum supervision
• Function as a subject matter expert for security solutions within the organization’s platform
• Provide guidance to junior-level security engineers
• Responsible for troubleshooting production issues and performance bottlenecks
• Follow security best practices in performing tasks
• Work closely with cross-functional teams (Engineering, DevOps, DevSecOps, Product) while carrying out daily tasks
• Contribute to requirement gathering with product teams
• Work together with cross Business Unit teams on executing standardized security solutions and integrations
• Partake in inner sourcing initiatives within the organization
• Provide the appropriate guidance and advisory in the area of Application Security and DevSecOps
• Be able to contribute to the Bank in terms of documentation, transfer of ideas and implementing the plans in the area of Application Security and DevSecOps
Job Requirement
1. Educational Qualifications
• Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum)
• Has appropriate subject matter expertise in their area of information security specialization
• CISSP/GIAC certification is preferred
2. Relevant Knowledge/ Expertise
• 8+ years of Information Security, Application Security, Programming, DevOps, Cloud, Computer Science, Data Analytics, or related
• Excellent verbal and written skills with an ability to present technical specifications and solutions.
• Ability to manage working on multiple initiatives in a fast-paced agile environment.
• Strong knowledge of secure code development practices.
• Experience working with PHP, Java, Python and JavaScript.
• Strong application development background designing and building robust and scalable applications with Python or similar languages.
• Experience working in a DevOps environment with an automation-first mindset.
• Experience using Jenkins as a CI (Continuous Integration) and CD (Continuous Deployment) tool.
• Experience using Harness as a CD (Continuous Deployment) tool
• Ability to design and build full stack solutions with Python and React or Vue.js.
• Strong knowledge working with container platforms such as Kubernetes and/or OpenShift.
• Experience with SAST (static application security testing), DAST (dynamic application security testing) and IAST (interactive application security testing) tooling.
• Strong knowledge of OWASP practices
• Knowledge of authentication protocols such as OAuth, OpenID Connect, SAML and PKI.
3. Skills
• Ability to read and understand professional documents in English.
• Strong interpersonal and communication skills
• Be able to catch up and manage work quickly and effectively
• Be able to work independently under high pressure; good at teamwork
• Careful, responsible, and secure in protecting information/data belonging to the Bank
• Good knowledge of risk management principles, methodology and practice
• Fluency in English preferred
4. Relevant Experience
• Stakeholder expectation management
• People Management
• Risk Management
• Budget Management
Languages
- English
Speaking: Intermediate - Reading: Intermediate - Writing: Intermediate
Technical Skill
- Information Security
- Python
- DevOps
- Java
- JavaScript
- PHP
- Cryptography
- OAuth
- Harness
- Jenkins
- VueJS
- ReactJS
- Kubernetes
- CISSP
- OWASP
- OpenShift
- GIAC
- Security Testing
- CI/CD
COMPETENCES
- Risk Management
- Agile
- Dynamic
- Communication Skills
- Working Independently
- Teamwork
- Friendly
- Interpersonal Skills
- Careful
- Responsible
BUSINESS PROFILE
VPBank (Vietnam Prosperity Joint-Stock Commercial Bank) is one of the earliest-established Joint-stock Commercial banks in Vietnam with over 200 transaction points nationwide.
VPBank was established in 1993. As a member of the group of 12 leading banks in Vietnam (G12), VPBank is taking steps to reaffirm its reputation as a dynamic bank with stable financial capacity and responsibility to the community. To achieve this ambitious vision, VPBank has implemented an aggressive growth strategy for the period 2012 - 2017 with the support of McKinsey, one of the world’s leading consulting companies. Accordingly, VPBank will focus on organic growth in targeted customer segments, build up foundation systems expeditiously to serve its growth needs, and monitor opportunities in the market actively.
The development of human resources is one of the key activities in the development strategy of our bank. At VPBank, staff work in a dynamic and professional environment, and we also organize training courses to enhance employees' skills and offer promotion opportunities to all staff of the bank.