AppSec (DevOps/DevSecOps) Engineer
Thu nhập hấp dẫn
Hạn nộp: 31/12/2025
Introduction
Con Cung is the biggest omni-channel company for mom & baby with 600 retail stores in Vietnam in 2021 and plan to have 1,000 stores by 2023 with 1 billion USD revenue. Con Cung's annual growth rate is more than 70%. With the vision of providing good quality products for children, Con Cung is strongly investing into Product Research and Development in order to manufacture and provide products that are suitable to the local market in terms of pricing and quality. We also invest into technology in order to manage the network and online channel efficiently.
Con Cung Corporation also develops in-house cutting-edge automation and intelligence technologies. We are seeking for young, smart & dynamic talents to grow your career together with us.
Job Description
Job Summary
We are seeking an AppSec/DevSecOps Engineer to help establish and mature our application security and secure development practices. This role will initially focus on standardizing our DevOps pipelines and progressively integrate security into every stage of the software lifecycle. The engineer will support secure software design, application security testing, and developer enablement programs, with the long-term goal of leading our AppSec capability.
Key Responsibilities
- DevOps Standardization: Streamline and standardize the
company’s CI/CD pipelines for cybersecurity projects, preparing the foundation
for DevSecOps integration.
- Secure SDLC Integration: Embed security controls and checks
into software development workflows, from design to deployment.
- Application Security Testing: Implement and maintain SAST,
DAST, SCA, and other testing tools within pipelines; triage and coordinate
fixes with developers.
- Developer Training & Security Champions: Deliver secure coding training, support Security Champions program, and promote security awareness among developers.
- Security by Design: Collaborate with architects and product
teams to ensure applications are designed with security principles in mind
(Threat Modeling, Secure Design Review, Security Requirement).
- Framework & Maturity Models: Contribute to the adoption
of industry standards and frameworks such as OWASP SAMM for measuring and
improving software assurance maturity.
- Continuous Improvement: Proactively recommend enhancements
to DevSecOps tools, processes, and policies to improve resilience and
efficiency.
Job Requirements
We are looking for a highly motivated person with:
- 2-3+ years of experience with DevOps practices (CI/CD,
containerization, cloud-native deployment).
- Experience with DevSecOps integration in modern pipelines
(GitLab CI, Jenkins, GitHub Actions, etc.).
- Familiarity with application security testing tools (SAST,
DAST, SCA, dependency scanning).
- Knowledge of secure software development practices (threat
modeling, secure design principles, OWASP Top 10).
- Strong scripting/automation skills (Python, Bash, or
similar).
- Excellent collaboration and communication skills, with the
ability to work closely with developers, architects, and operations teams.
- A proactive attitude & the ability to think outside of
the box
- Works in an organised, structured manner
- Can do attitude, gets things done
- Excellent communication skills with diverse audiences
- Strong critical thinking and analytical skills
Nice-to-have:
- Exposure to security frameworks such as OWASP SAMM, BSIMM,
or NIST SSDF.
- Experience delivering developer training or mentoring
Security Champions.
- Familiarity with infrastructure as code security (Terraform,
Kubernetes, Helm).
- Cloud security knowledge (AWS, Azure, GCP).
- English communication.
Benefit
- Annual bonus: 2 - 3 months under minimum
KPI requirement
- Fast promotion opportunities based on
personal ability
- Work in a dynamic, open, creative environment
- Regular training, company team building,
birthday bonus
About Concung.com
- Working time: 8:30 - 17:30 Monday - Friday
- Working place: 5th Floor, Con Cưng Super Center, 09 Nguyen Trai Street, Ben Thanh Ward, Dist. 1, HCMC
