Security Specialist - Pentester

Company Description

KMS Technology was established in 2009 as a U.S.-based software services company. With development centers in Vietnam and Mexico, we have been trusted globally for the superlative quality of our software consulting & development services, technology solutions, and engineers' expertise. We pride ourselves on creating brilliant solutions for our clients by leveraging deep expertise, advanced technologies, and delivery excellence for a shared success where everyone can reach their fullest potential. With three Business Lines:

• KMS Software: Leverage software domain expertise to help clients make better business decisions in technology platforms, increase speed-to-market, and gain critical development support through innovative technology solutions.

• KMS Solutions: Empower BFSI businesses to embrace the digital finance revolution and expedite clients’ journey towards complete digitalization, technology consulting, data analytics, software development, and software quality.

• KMS Healthcare: Build transformative next-gen technologies to solve healthcare’s most challenging problems, providing innovative tools and expertise to providers, payers, life sciences, and medical technology vendors.

Job Description

Job Duties and Key Responsibilities:

• Conduct Penetration Testing for Web Apps, Mobile Apps, Network and system pentest.
• Run scheduled static code scans (SAST) across all relevant repositories (e.g., GitHub, GitLab, Bitbucket).
• Detecting zero-days vulnerability from security community, vendors, analysis impact, research & testing exploit to have solution for mitigation.
• Stay up-to-date with the latest security trends, vulnerabilities, and industry best practices.
• Support ISMS Team to maintain and improve the current practices by following industrial standards such as: ISO 27001 family, SOC 2, HIPAA, PCI-DSS.

Qualifications

Knowledge and skills

• 0.5 -1 years of experience in penetration testing (OWASP Top 10 Web, Mobile Apps & Systems, Cloud)
• Understanding of web applications (HTTP, cookies, sessions)
• Secure coding review (e.g., Java, JavaScript, Python).
• Proficient use of testing tools: Burp Suite Pro, Nmap, Metasploit, Wireshark, ZAP, Nessus..
• Ability to identify and exploit vulnerabilities with a methodology.
• Knowledge and proficiency in (Python, PHP, ASP) programming languages ​​are an advantage.
• Ability to think analytically.
• Passionate about information security, eager to learn, good at self-study
• Good at English in communication skills including oral and written so can communicate with US Clients.

Education/Training Preferred:

• Bachelor’s degree in Information Technology or equivalent work experience.
• Security certificate: Security+, CEH, CHFI, ECIH, or other equivalent certificates is advantageous.
• Practicing the penetration testing labs platform (HTB,Offensive Security, Tryhackme, VirtualHackingLab) is a plus.
• IT certificate: MCSE, LPI, CCNA, CCNP is also a plus.
• English proficiency required: Intermediate (B1) level or higher.

Additional Information

• Working in one of the Best Places to Work in Vietnam, Top 10 ITC Company in Vietnam
• Flexible working model: Flexible time & Hybrid working from Ho Chi Minh or Da Nang city or working remotely from any location in Vietnam
• Attractive Salary & Benefits, full salary in probation, social insurance on full gross salary
• Performance appraisal twice a year, 13th-month salary and performance bonus
• Premium healthcare insurance for you and your loved ones
• Working 5 days/week , from Monday to Friday
• 18+ paid leave days/year
• Diverse careers opportunities with Software Services, Software Product Development
• Working and growing in a values driven, international working environment and standard Agile culture with passionate and talented teams
• Onsite opportunities: short-term and long-term assignments in U.S
• Various training on hot-trend technologies, best practices and soft skills
• Company trip, big annual year-end party every year, team building, etc.
• Fitness & sport activities: football, tennis, table-tennis, badminton, yoga, swimming…
• Joining community development activities: 1% Pledge, charity every quarter, blood donation, public seminars, career orientation talks,…
• Free in-house entertainment facilities (football, ping pong, gym…), coffee, and snacks (instant noodles, cookies, candies…)

And much more, join us and let yourself explore other fantastic things!