
Senior/Lead Security Engineer, Zalo

Hồ Chí Minh
Full-time

We are looking for a Security Engineer to strengthen our application and infrastructure security capabilities across the development lifecycle. This role focuses on building and maintaining security gates, conducting security testing, analyzing vulnerabilities, and improving supply chain security within our software ecosystem.

The Security Engineer will work closely with development teams to identify vulnerabilities early, enforce security standards, and ensure secure software delivery pipelines. The role also involves researching new security threats and implementing preventive measures to continuously enhance the organization’s security posture.

🤖 What you will do

  • Design and implement Security Gate frameworks in CI/CD pipelines, including secret detection (GitLeaks), dependency scanning, and performance optimization of security tools.
  • Conduct security testing and research, including network security testing (MITM, ARP Spoofing) and Docker/container security testing (Privilege Escalation, HoneyPot).
  • Analyze and triage vulnerabilities from CodeQL and other security scanning tools, and work with development teams to drive remediation.
  • Perform security reviews of Docker images, binaries, and artifacts stored in Harbor; manage approval workflows for artifact downloads.
  • Manage software supply chain security, including CVE scanning, vulnerability tracking, and coordinating fixes.
  • Develop and maintain custom CodeQL queries based on vulnerabilities discovered by Red Team or external security research.
  • Continuously research emerging security threats and improve detection and prevention mechanisms.

👾 What you will need

  • 5+ years of experience in DevSecOps or Software Engineering and 3+ years of experience in Security Engineering.
  • Strong knowledge of secure software development lifecycle (SSDLC) and CI/CD security integration.
  • Hands-on experience with CodeQL, SAST tools, and secret scanning tools (e.g., GitLeaks).
  • Experience with container and Docker security, container registries (e.g., Harbor), and vulnerability scanning.
  • Solid understanding of network security concepts and attack techniques (e.g., MITM, ARP Spoofing).
  • Experience in CVE analysis, vulnerability management, and supply chain security.
  • Ability to write custom security rules or queries and automate security processes.
  • Strong analytical, problem-solving, and cross-team collaboration skills.


Our interview process is all about getting to know each other. Come prepared to showcase your hard work, skills, and achievements, and get a better understanding of what it’s like to work at Zalo group.
