The Senior Security QA Engineer is responsible to:
– Analyze security requirements from software development team to define the security software testing strategy;
– Participate in client meetings to discuss and agree on security testing approach and follow it up in new security test opportunities;
– Plan, estimate and perform security testing of application designs, source code and deployments, covering all kinds of applications,web application, web service, mobile application in software development;
– Work with internal IT team to plan, design, implement IT security controls and perform security assessment to ensure security of company information systems and infrastructures;
– Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets;
– Train and mentor QA Engineer on proper selection, design and implementation of Security Testing.
– University level with bachelor degree in computer science or equivalence;
– Has 3+ years of working experience in software testing is an advantage;
– Has 1+ years of hand-on experience in security testing:o Security review and Source code review: Application, web app, mobile app;o Penetration testing : System and network (internal/external, whitebox/blackbox).
– Have knowledge of security principles, techniques and technologies (OWASP Top 10 For Web application or Mobile application);
– Experience performing web/mobile application security testing and using vulnerability testing tools (e.g: ZAP, Acunitex, BurpSuite, Netsparker, N-Stalker, sqlmap, kali linux …);
– Understand the different of communication protocols;
– Understand the telecommunications network which allows computers to exchange data and its encryption;
– Is able to review the source code of applications which are written in C#, Java, PHP,… to find the security risks;
– Good understanding of network protocols, design and operations;
– Good English skills to understand specification (written and oral);
– Excellent problem solving skills and attention to detail;- Strong analytical skills;
– Time management skills;- Ability to work independently;- ISTQB/ISEB Foundation level or equivalence is an advantage;
– Industrial certifications holder : CISSP, CEH, SCP, GIACs, ComTIA Security+ is an advantage.
– Chế độ lương và đãi ngộ hấp dẫn, phúc lợi tốt dành cho Cán Bộ Nhân Viên. (BHXH theo quy định, lương tháng thứ 13…)
– Đặc biệt được hưởng ưu đãi khi sử dụng các hệ thống dịch vụ cao cấp của Tập đoàn Vingroup như: Vinpearl, Vinmec, Vinschool, Vinhomes…..
– Được đào tạo nâng cao nghiệp vụ trong quá trình làm việc.
– Được làm việc trong môi trường chuyên nghiệp, năng động và hiệu quả