Himalayas logo
PK
Open to opportunities

Phú Hoàng Kim

@phhongkim

I am a Security Engineer specializing in red teaming, DevSecOps, and custom security tooling.

Vietnam
Message

What I'm looking for

I seek hands-on roles focused on red teaming, security tool development, and DevSecOps automation within security-first teams that value impact, mentorship, and growth.

I am a dedicated Security Engineer with 3+ years of progressive experience across penetration testing, red team operations, malware research, and DevSecOps practices.

I currently lead security initiatives at HD Saison, conducting assessments across 25+ systems including AWS and on-premise infrastructure, and I architected a real-time Phishing Domain Monitor using Docker Compose and Django.

My background includes building an Attack Surface Management platform, advanced penetration testing, custom security tooling, and automating CI/CD security stages with Jenkins, SonarQube, and Trivy—reducing manual review time by 70%.

I prioritize practical tool development, knowledge transfer through training, and regulatory compliance, and I seek to drive measurable security improvements while advancing offensive-security research.

Experience

Work history, roles, and key accomplishments

HS
Current

Security Team Leader

HD Saison

Mar 2025 - Present (7 months)

Led security initiatives conducting secure code reviews, vulnerability assessments, and penetration testing across 25+ systems (cloud and on-prem). Architected a real-time Phishing Domain Monitor and integrated automated Jenkins CI/CD security stages, reducing manual security review time by 70% and ensuring SBV compliance.

Penetration TestingJenkinsSonarQubeTrivyDocker ComposePythonAWSSecurity Policy
EC

RedTeam Specialist

Esecure Solution Limited Company

Mar 2024 - Mar 2025 (1 year)

Executed advanced penetration testing campaigns against web, mobile, and network targets, identifying critical vulnerabilities and delivering remediation guidance. Researched malware development and evasion techniques and delivered RedTeam training to internal and partner teams.

Penetration TestingCobalt StrikeMetasploitVulnerability ResearchReporting
EC

R&D Specialist

Esecure Solution Limited Company

Jul 2023 - Mar 2024 (8 months)

Architected and developed an Attack Surface Management platform with automated subdomain discovery, endpoint fuzzing, and web vulnerability scanning. Built large-scale data engineering pipelines, implemented Docker-based deployments, and researched AI-driven automated penetration testing techniques.

Subdomain DiscoveryDocker ComposeData EngineeringFuzzing TechniquesPythonCI CD
EJ

Penetration Tester

ETC Technology System JSC

Mar 2022 - Jun 2023 (1 year 3 months)

Performed comprehensive web and mobile application penetration tests and network integrity assessments while developing Python automation tools to improve scanning efficiency. Integrated Burp Suite with SIEM ingestion, collaborated with SOC teams, and configured enterprise firewalls (Sophos, FortiGate).

Mobile App TestingBurp suitePythonSplunkSophosPhishing

Education

Degrees, certifications, and relevant coursework

FPT University logoFU

FPT University

Bachelor of Information Assurance, Information Assurance

Grade: 3.34/4

Activities and societies: 50% merit-based scholarship; Top 5 Most Excellent Student in Information Technology (2022); Top 10 FPT Secathon (2022); Top 10 FPT Software Hacking CTF (2022)

Completed a Bachelor of Information Assurance at FPT University (graduated 2024) with a 3.34/4 GPA and received a 50% merit-based scholarship; recognized among the Top 5 students in Information Technology and placed in Top 10 in multiple security competitions.

Tech stack

Software and tools used professionally

Splunk logo

Splunk

SonarQube logo

SonarQube

Docker Compose logo

Docker Compose

Jenkins logo

Jenkins

Gmail logo

Gmail

Django logo

Django

Java logo

Java

PHP logo

PHP

PowerShell logo

PowerShell

Linux logo

Linux

Windows logo

Windows

Windows Server logo

Windows Server

Sophos logo

Sophos

VMware ESXi logo

VMware ESXi

Burp Suite logo

Burp Suite

Metasploit logo

Metasploit

Trivy

Availability

Open to opportunities

Location

Vietnam

Authorized to work in

Vietnam

Job categories

Security EngineerRed Team SpecialistPenetration TesterDevSecOps EngineerSecurity ResearcherSecurity Engineering LeadInformation Security EngineerCybersecurity EngineerSecurity Software EngineerSenior Security EngineerNetwork Security EngineerSecurity Operations EngineerEnterprise Security EngineerCloud Security EngineerProduct Security Engineer

Skills

Penetration TestingRed Team OperationsVulnerability ResearchCobalt StrikeMetasploitAdvanced Social EngineeringOWASP Top 10SASTDASTThreat ModelingCode ReviewAPI TestingOAuthSAMLJWTWindows Defender BypassCustom Malware CreationPythonC C++PowerShellBASHGoPHPJavaDjangoDockerDocker ComposeJenkinsSonarQubeTrivyCI CD Security IntegrationPhishingLinuxWindows ServerVMware ESXiQRadarSplunkWindowsSophosBurp suiteGmail

Interested in hiring Phú?

You can contact Phú and 90k+ other talented remote workers on Himalayas.

Message Phú

People also viewed

View all talent

Find your dream job

Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan
Phú Hoàng Kim - Security Team Leader - HD Saison | Himalayas