KMS Technology logo

Security Specialist - Pentester

KMS Technology
Full-time
On-site
Ho Chi Minh, Ho Chi Minh, Vietnam
Information Security

Company Description

KMS Technology was established in 2009 as a U.S.-based software services company. With development centers in Vietnam and Mexico, we have been trusted globally for the superlative quality of our software consulting & development services, technology solutions, and engineers' expertise. We pride ourselves on creating brilliant solutions for our clients by leveraging deep expertise, advanced technologies, and delivery excellence for a shared success where everyone can reach their fullest potential. With three Business Lines:

  • KMS Software: Leverage software domain expertise to help clients make better business decisions in technology platforms, increase speed-to-market, and gain critical development support through innovative technology solutions.
  • KMS Solutions: Empower BFSI businesses to embrace the digital finance revolution and expedite clients’ journey towards complete digitalization, technology consulting, data analytics, software development, and software quality.
  • KMS Healthcare: Build transformative next-gen technologies to solve healthcare’s most challenging problems, providing innovative tools and expertise to providers, payers, life sciences, and medical technology vendors.

Job Description

Job Duties and Key Responsibilities:

  • Conduct Penetration Testing for Web Apps, Mobile Apps, Network and system pentest.
  • Run scheduled static code scans (SAST) across all relevant repositories (e.g., GitHub, GitLab, Bitbucket).
  • Detecting zero-days vulnerability from security community, vendors, analysis impact, research & testing exploit to have solution for mitigation.
  • Stay up-to-date with the latest security trends, vulnerabilities, and industry best practices.
  • Support ISMS Team to maintain and improve the current practices by following industrial standards such as: ISO 27001 family, SOC 2, HIPAA, PCI-DSS.

Qualifications

Knowledge and skills

  • 0.5 -1 years of experience in penetration testing (OWASP Top 10 Web, Mobile Apps & Systems, Cloud)
  • Understanding of web applications (HTTP, cookies, sessions)
  • Secure coding review (e.g., Java, JavaScript, Python).
  • Proficient use of testing tools: Burp Suite Pro, Nmap, Metasploit, Wireshark, ZAP, Nessus..
  • Ability to identify and exploit vulnerabilities with a methodology.
  • Knowledge and proficiency in (Python, PHP, ASP) programming languages ​​are an advantage.
  • Ability to think analytically.
  • Passionate about information security, eager to learn, good at self-study
  • Good at English in communication skills including oral and written so can communicate with US Clients.

 Education/Training Preferred:

  • Bachelor’s degree in Information Technology or equivalent work experience.
  • Security certificate: Security+, CEH, CHFI, ECIH, or other equivalent certificates is advantageous.
  • Practicing the penetration testing labs platform  (HTB,Offensive Security, Tryhackme, VirtualHackingLab) is a plus.
  • IT certificate: MCSE, LPI, CCNA, CCNP is also a plus.
  • English proficiency required: Intermediate (B1) level or higher.

Additional Information

  • Working in one of the Best Places to Work in Vietnam, Top 10 ITC Company in Vietnam
  • Flexible working model: Flexible time & Hybrid working from Ho Chi Minh or Da Nang city or working remotely from any location in Vietnam
  • Attractive Salary & Benefits, full salary in probation, social insurance on full gross salary
  • Performance appraisal twice a year, 13th-month salary and performance bonus 
  • Premium healthcare insurance for you and your loved ones
  • Working 5 days/week , from Monday to Friday
  • 18+ paid leave days/year
  • Diverse careers opportunities with Software Services, Software Product Development
  • Working and growing in a values driven, international working environment and standard Agile culture with passionate and talented teams
  • Onsite opportunities: short-term and long-term assignments in U.S
  • Various training on hot-trend technologies, best practices and soft skills
  • Company trip, big annual year-end party every year, team building, etc.
  • Fitness & sport activities: football, tennis, table-tennis, badminton, yoga, swimming…
  • Joining community development activities: 1% Pledge, charity every quarter, blood donation, public seminars, career orientation talks,…
  • Free in-house entertainment facilities (football, ping pong, gym…), coffee, and snacks (instant noodles, cookies, candies…)

And much more, join us and let yourself explore other fantastic things!