Responsibilities:
1. Security Operations & Monitoring
- Implement, oversee, and fine-tune SIEM (Security Information and Event Management) solutions to detect and respond to security incidents.
- Monitor network, endpoint, and cloud environments for vulnerabilities, threats, and anomalies.
- Investigate security alerts and take proactive steps to prevent potential breaches.
- Implement Security Orchestration, Automation, and Response (SOAR) tools to enhance incident response efficiency.
2. Threat Detection & Incident Response
- Lead incident response activities, including threat containment, eradication, and recovery.
- Conduct forensic investigations and root cause analysis on security incidents.
- Develop and maintain Incident Response Plans (IRP) and ensure team readiness for cyber-attacks.
- Collaborate with SOC teams to enhance threat intelligence capabilities.
3. Vulnerability & Patch Management
- Regularly conduct vulnerability assessments and penetration testing on internal and external systems.
- Work with DevOps, IT, and product teams to remediate security weaknesses.
- Ensure timely patching and updates to reduce the attack surface.
4. Security Hardening & Compliance
- Implement best practices for system hardening across Windows, Linux, cloud, and container environments.
- Enforce security configurations in line with NIST, ISO 27001, CIS Benchmarks, and other industry standards.
- Ensure compliance with Vietnamese cybersecurity regulations and global security frameworks.
5. Cloud & Application Security
- Secure cloud-based environments (GCP, Azure) and ensure secure DevOps (DevSecOps) practices.
- Work closely with developers to integrate application security testing (SAST, DAST, IAST) into CI/CD pipelines.
- Conduct security architecture reviews to identify potential risks in new applications and systems.
Requirements:
1. Education & Experience
- Bachelor's degree in Information Security, Computer Science, Risk Management, or a related field.
- 3+ years of experience in Security Operations (SecOps), Incident Response, or Cloud Security.
- Experience with SOC operations, threat hunting, and security automation.
- Strong knowledge of intrusion detection systems (IDS/IPS), firewalls, and endpoint protection.
- Hands-on experience with SIEM (Splunk, ELK, QRadar, Microsoft Sentinel, etc.).
- Familiarity with offensive security tools (Kali Linux, Metasploit, Burp Suite) and defensive tools (EDR, XDR, WAF).
2. Technical & Soft Skills
- Strong knowledge of cyber threat intelligence, malware analysis, and digital forensics.
- Proficiency in scripting (Python, Bash, PowerShell) for automation.
- Understanding of zero-trust security models, IAM, and privileged access management.
- Excellent problem-solving skills and the ability to handle high-pressure situations....