About the company
Started since 2007, VNLIFE is a diverse ecosystem of leading companies driving transformations in both traditional and growing demand sectors in the economy such as tourism, logistics, commerce, and constantly expanding its presence beyond Vietnam to Singapore, Myanmar and Cambodia.
- Architect, design, implement, maintain and operate VNLife information system (IS) security controls and improvements to sharpen our capabilities to defend against attackers in a fast-paced environment. Document the operation, use, and expected outputs of these systems.
- Analyze and recommend IS security controls and procedures, provide oversight to ensure compliance.
- Analyze and recommend security controls and procedures in business processes related to use of IS and data assets, provide oversight to ensure compliance.
- Monitor IS for security incidents and vulnerabilities; develop monitoring and visibility capabilities; report on incidents, vulnerabilities, and trends to management.
- Design & oversee the response to IS security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; engage, interact and coordinate with third-party incident responders, including law enforcement.
- Set up & oversee the administration of authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets.
- Assess trends, news and changes in the threat and compliance environment; advise organization management and develop and execute plans for compliance and mitigation of risk; oversee risk and compliance self-assessments, and engage and coordinate third-party risk and compliance assessments.
- Perform investigations on a wide variety of events from various sources to determine whether they pose a threat to VNLife. Work with teams in the VNLife Ecosystem to implement protection & detection capabilities and logging sources.
- Develop and oversee IS governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.
- Build tools and infrastructure to support realistic offensive security exercises.
- Build transparency and openness within the organization.
- Give technical direction and nurture teams based in different locations, e.g.: Ha Noi, Viet Nam
Minimum qualification (Exact responsibilities vary with levels)
- Understand cybersecurity offensive and defensive strategies. Able to design security architecture and develop standards for large-scale and complex infrastructure; Possess broad infrastructure knowledge and corresponding processes on-prem and on cloud.
- Coding/scripting experience in at least 1 general purpose language. Technical knowledge of security engineering, computer and network security, authentication, security protocols and applied cryptography. Development of security tools, automation or frameworks.
- Understand legal, information security, and privacy frameworks (e.g., ISO 27001 and Safe Harbor Frameworks). Experience with PCI DSS, P2PE, PSD2, and Open Banking technologies. Experience in digital forensics.
- Experience with Single Sign On - federation, Kerberos, cryptography, RADIUS and Multi-Factor Authentication as well as SSO solutions (development and deployment of solutions providing AuthN and AuthZ services). Automation, scripting (PowerShell, Java, Golang, React, etc...), account and privileged access management and API's.
- Experience analyzing malicious traffic and mitigation methods, conduct root-cause analysis, assess and articulate risk to management. Experience in application-level vulnerability testing and code-level security auditing.
- CISSP or relevant certification
- Experience analyzing the security of systems (penetration testing, application security testing, vulnerability scanning, threat modeling, etc.). Experience with signals development, threat hunting, and threat modeling. Relevant work experience in red teaming.
- Experience with malware analysis, discovering new leads, and tracking elusive actors, including investigations of botnet and rootkit behavior.
- Experience in application and service security, including design reviews, and source code assessments.
- Experience in leading analysis of large datasets and intrusion detection systems.