Senior Security Engineer (PenTest)

Country/Region:  VN
Date:  Jul 2, 2026
Location:  Ho Chi Minh City, VN, 700000; Hanoi, VN, 10000

Working place:  Hybrid

About GFT

GFT Technologies is an AI-centric global digital transformation company. We design advanced data and AI transformation solutions, modernize technology architectures and develop next-generation core systems for industry leaders in Banking, Insurance, Manufacturing and Robotics. Partnering closely with our clients, we push boundaries to unlock their full potential. With deep industry expertise, cutting-edge technology, and a strong partner ecosystem, GFT delivers responsible AI-centric solutions that combine engineering excellence, high-performance delivery and cost efficiency. Our team of 12,000+ technology experts operates in 20+ countries worldwide offering career opportunities at the forefront of software innovation.

Role Summary

As a Senior Security Engineer at GFT, you will play a key role in strengthening the security posture of banking applications, APIs, cloud platforms, infrastructure, and digital systems. You will lead and support security assessments, identify and validate risks, drive remediation, and help embed security best practices across the software development lifecycle.

Working closely with security, engineering, DevOps, architecture, and business teams, you will deliver hands-on security engineering across web, mobile, API, network, and cloud environments. This role requires strong technical security expertise, experience working within regulated financial services environments, and the ability to balance proactive security engineering with practical business delivery. Flexibility to work onsite at client locations when required is expected.

Role Responsibilities

  • Design, implement, and support security controls across applications, APIs, cloud platforms, infrastructure, and banking systems.
  • Conduct security assessments, vulnerability assessments, and penetration testing across web, mobile, API, network, and cloud environments.
  • Identify, validate, and document security vulnerabilities, including weaknesses related to authentication, authorisation, encryption, access control, session management, input validation, secrets management, and business logic.
  • Partner with engineering, DevOps, and architecture teams to embed security controls and best practices into solution design, development, CI/CD pipelines, and production environments.
  • Support secure SDLC activities including threat modelling, security design reviews, release security validation, and remediation planning.
  • Review security posture across banking workflows, including payments, cards, accounts, AML/KYC, fraud management, and digital banking services.
  • Produce clear security findings and risk reports with technical details, business impact, prioritised remediation recommendations, and validation outcomes.
  • Work closely with development and platform teams to explain findings, support remediation, and validate fixes through retesting and assurance activities.
  • Support vulnerability management processes, including triage, exploitability analysis, remediation tracking, and false-positive validation.
  • Contribute to cloud and infrastructure security initiatives across AWS, Azure, or GCP environments, including IAM, logging, monitoring, hardening, and secure configuration.
  • Support compliance and audit activities by providing security evidence, remediation status, and alignment to internal and regulatory security requirements.
  • Stay current with emerging threats, attack techniques, defensive controls, and security engineering best practice, particularly within banking and financial services.

Required Skills

  • Strong hands-on experience in security engineering, application security, vulnerability management, and security assessments across web, mobile, API, infrastructure, and cloud environments.
  • Experience conducting or supporting penetration testing, ethical hacking, and vulnerability validation across enterprise applications and platforms.
  • Strong understanding of banking systems, digital banking, payments, AML/KYC, fraud management, and financial transaction workflows.
  • Deep knowledge of application and API security, including OWASP Top 10, OWASP API Top 10, broken access control, injection, IDOR, authentication, authorisation, encryption, and business logic vulnerabilities.
  • Experience securing or assessing mobile applications on iOS and Android, including authentication, session management, local storage, certificate pinning, and secure communications.
  • Good understanding of network, server, operating system, and infrastructure security principles, including common attack paths and hardening practices.
  • Knowledge of cloud security principles and security controls across AWS, Azure, or GCP.
  • Experience integrating security into engineering and DevOps practices, including CI/CD security, secure configuration, secrets management, and automation.
  • Proficiency with security tools such as Burp Suite, OWASP ZAP, Nmap, Nessus, Metasploit, Wireshark, Postman, MobSF, or similar technologies.
  • Ability to produce clear security documentation and communicate findings, risks, and remediation priorities to both technical and non-technical stakeholders.
  • Experience partnering with engineering teams to validate vulnerabilities, support remediation, and improve secure development practices.
  • Solid understanding of secure coding, encryption, IAM, data protection, and common security frameworks and controls.
  • Familiarity with security and compliance requirements in regulated industries, particularly banking and financial services.
  • Excellent English communication skills.


Nice to Have

  • Experience working as a Security Engineer, Application Security Engineer, or Penetration Tester within banks, fintechs, payment platforms, or financial institutions.
  • Knowledge of PCI DSS, ISO 27001, SOC 2, SWIFT CSCF, and other banking or financial services security standards.
  • Experience with secure code review practices and SAST tools.
  • Experience integrating security controls into CI/CD pipelines using SAST, DAST, SCA, container scanning, or secrets detection.
  • Knowledge of container, Kubernetes, Docker, cloud, and Infrastructure-as-Code (IaC) security.
  • Experience with red teaming, attack simulation, adversary emulation, or purple team exercises.
  • Scripting or automation skills in Python, Bash, or PowerShell.
  • Security certifications such as CEH, eJPT, PNPT, OSCP, GPEN, GWAPT, CISSP, CISM, or equivalent.

(Note: Due to the high volume of applications we receive, we are unable to respond to every candidate individually. If you have not received a response from GFT regarding your application within 10 working days, please consider that we have decided to proceed with other candidates. We truly appreciate your interest in GFT and thank you for your understanding.)

About Us

We show commitment to our investors and stand for solid, long-term growth performance. Founded in Germany in 1987 and in American territory since 2008, GFT has expanded globally to over 10,000 experts and to more than 15 markets to ensure proximity to clients. With new opportunities from Asia to Brazil, the international growth story continues. We are committed to growing tech talent worldwide, because our team’s strong consulting and development skills across legacy and pioneering technologies, like GreenCoding, underpin success. We maintain a family atmosphere in an inclusive work environment.

There is room for your talent!

Put your talent to work. At GFT, you'll be working with some of the brightest people in business and technology on challenging and rewarding projects, in a team of like-minded individuals.
Feel it. We are #one team collaboratively working towards the same goal.
