Introduction
Con Cung is the biggest omni-channel company for mom &
baby, with 600 retail stores in Vietnam in 2021 and a plan to have 1,000 stores by 2023 with 1 billion USD
revenue. Con Cung's annual growth rate is more than 70%. With the vision of providing good quality products
for children, Con Cung is investing strongly in Product Research and Development in order to
manufacture and provide products that are suitable for the local market in terms of pricing and quality. We also
invest in technology in order to manage the network and online channel efficiently. Con Cung Corporation also develops in-house cutting-edge
automation and intelligence technologies. We are seeking young, smart & dynamic talents to
grow their careers together with us.
Job Description
We are seeking an Application Security Engineer to build and
develop our application security capability. The core mandate is security:
defining how the organization designs, builds, and ships software securely —
spanning secure SDLC, DevSecOps, security architecture and design, application security
testing, and developer enablement. The engineer drives security into the
development lifecycle and CI/CD pipelines and fundamentally reduces security
risk in software.
Key Responsibilities
- Security by Design: Threat modeling, secure design review,
security requirements; collaborate with architects to embed security into application design.
- Security Architecture & Solutions: Recommend and
implement security controls appropriate to each application's risk profile —
e.g., WAF, API security, mobile app hardening (RASP / anti-tampering).
- Application Security Testing: Operate SAST/DAST/SCA/SBOM
tooling; triage findings, eliminate false positives, validate exploitability,
and prioritize remediation by real risk.
- Secure SDLC & DevSecOps Integration: Embed security
gates and automated checks into CI/CD pipelines.
- AppSec Maturity (OWASP SAMM): Run SAMM assessments, define
the maturity roadmap, and measure improvement over time.
- Developer Enablement: Secure coding training and Security
Champions program.
Job Requirements
We are looking for a highly motivated person with:
- 2-3+ years of experience with Application Security
Engineering or related Security roles.
- Solid foundation in application security: OWASP Top 10 and
beyond — common vulnerability classes, ability to read code and understand why
a finding is (or isn't) exploitable.
- Hands-on secure SDLC & secure design: threat modeling,
secure design review, security requirements.
- Strong understanding of SAST, DAST, SCA and SBOM tooling —
interpreting results, triaging false positives, prioritizing by risk.
- Ability to select the right tool for the right context
(judgment, not tool-operation).
- Working knowledge of CI/CD and automation as the delivery
medium (Python/Bash).
- Excellent collaboration and communication skills, with the
ability to work closely with developers, architects, and operations teams.
- A proactive attitude & the ability to think outside of
the box
- Works in an organised, structured manner
- Can-do attitude, gets things done
- Excellent communication skills with diverse audiences
- Strong critical thinking and analytical skills
Nice-to-have:
- Practical OWASP SAMM (or BSIMM) implementation experience.
- Security architecture experience: WAF, API security, mobile
app shielding/RASP.
- Awareness of secure-by-design frameworks/regulations: NIST
SSDF, EU Cyber Resilience Act.
- A relevant AppSec/offensive cert (OSWE, eWPTX, GWAPT, Burp
Suite Certified, CSSLP), as a screening signal for security fundamentals.
- IaC security (Terraform/K8s/Helm), cloud security, English.
Benefit
- Annual bonus: 2 - 3 months under minimum KPI
requirement
- Fast promotion opportunities based on personal ability
- Work in a dynamic, open, creative environment
- Regular training, company team building, birthday bonus
About Concung.com
- Working time: 8:30 - 17:30 Monday - Friday
- Working place: 6th Floor, 9 Nguyen Trai Street, Pham
Ngu Lao Ward, District 1, Ho Chi Minh City