DevSecOps Engineer

Security Engineering & Operations

• Conduct regular penetration tests and vulnerability assessments.
• Monitor security alerts and logs to detect and respond to threats.
• Manage vulnerability scanning tools and patching cycles.

Access & Authentication

• Implement SSO (Google Login) across all services.
• Enforce MFA, RBAC, and the principle of least privilege.
• Strengthen API authentication and authorization mechanisms.

Cloud & Infrastructure Security

• Secure AWS/GCP resources, including networking and IAM.
• Integrate security checks into CI/CD pipelines.
• Apply Infrastructure-as-Code (IaC) security best practices.

Governance, Compliance & Awareness

• Develop and enforce security policies and internal documentation.
• Support internal audits and compliance efforts (HIPAA, GDPR).
• Lead security awareness and training programs for staff.

Incident Response & Improvement

• Develop and maintain an incident response plan.
• Provide ongoing recommendations for enhancing security posture.
• Stay current with emerging threats and solutions.

Compensation & Benefits

• Competitive salary with 13th-month pay and performance bonus.
• Full social insurance coverage and premium healthcare benefits.
• Paid sick leave, maternity leave, and vacation days.

Work Environment

• Agile-Scrum methodology with flexible work hours.
• Talented people from all over Vietnam and the world.
• International team for global career growth.
• State-of-the-art equipment provided.
• Beautiful working environment near Danang's city center (Dragon Bridge) and Hanoi office.

Health & Wellness

• PVI health care program & annual health checks.
• Sports clubs (football, badminton) & company retreats.
• Modern pantry for relaxation.

Professional Growth

• Training, mentoring & e-learning opportunities.
• Performance reviews annually.
• Potential opportunities to join a fast-growing company.

• 3+ years in DevOps, Cloud Infrastructure, or Security Engineering.
• Hands-on experience with AWS or GCP and IaC tools (e.g., Terraform).
• Strong knowledge of Linux, containers, CI/CD, and SAST/DAST tools.
• Experience with security audits, frameworks, and controls.
• Ability to balance security with engineering velocity.
• Excellent communication and cross-functional collaboration skills.
• Ability to work in a high pressure, startup environment.

[Nice to have]

• Experience with multi-region microservices architect, big data or AI stack.
• Prior experience in HIPAA/GDPR-compliant environments.
• Knowledge of least privilege principles (PoLP).
• Familiarity with SOC 2 certification processes.
• Certifications (e.g., CISSP, CISM, Security+, AWS Security).