We’re looking for an Information Security Engineer to join our Red Team at Zalo. As an information Security Engineer, you will help build security tools, monitoring systems, and infrastructure at the high-level security standard. You will perform technical security assessments, code reviews, and vulnerability testing to highlight and mitigate risks. You will work closely with other engineers, audit vendors to design and build a proactive system to enhance the security of our infrastructure and systems.
What you will do
- Perform technical security assessments, code audits, and design reviews;
- Exploit security flaws and vulnerabilities with attack simulations on multiple application platforms like Android, iOS, and Web;
- Ability to flow from black box to grey box to white-box tests;
- Ability to effectively work with the engineering teams to provide technical risk. assessment of technologies in networks, applications, code reviews in the release management cycle;
- Ability to perform vulnerability assessments and penetration testing, utilizing tools - commercial and open source;
- Perform, review, and analyze security vulnerability data to identify applicability and false positives;
- Write technical reports that include suggested resolutions for identified problem areas and perform the operational risk assessment;
- Perform information security due diligence during vendor onboarding;
- Collaborate with other departments in their security requirements;
- Other tasks assigned by Line Manager.
What you will need
- Love to be a member of "Red Team" & passionate in pentest;
- Practical experience with Information Security;
- Practical experience with OWASP top 10;
- Practical experience with Security Pen Testing methodologies including automated scans and manual methods;
- Practical experience with some Pentest Tools including Burp, Nmap, Frida, Cycript, IDA etc;
- Experience with at least one Language: Java, Python, C, Go;
- Experience with security issues in Java or Mobile is a plus;
- Experience with reproduce 1day is a plus;
- Experience with Reverse Engineering a plus.