Senior Security Engineer (Technical Lead)
Ho Chi Minh City, VN, 700000; Hanoi, VN, 10000
About GFT
GFT Technologies is an AI-centric global digital transformation company. We design advanced data and AI transformation solutions, modernize technology architectures and develop next-generation core systems for industry leaders in Banking, Insurance, Manufacturing and Robotics. Partnering closely with our clients, we push boundaries to unlock their full potential. With deep industry expertise, cutting-edge technology, and a strong partner ecosystem, GFT delivers responsible AI-centric solutions that combine engineering excellence, high-performance delivery and cost efficiency. Our team of 12,000+ technology experts operates in 20+ countries worldwide, offering career opportunities at the forefront of software innovation.
Role Summary
We are seeking a highly skilled and hands-on Senior Security Engineer (Technical Lead) with a strong focus on secure coding and automation (Python) to join our Service Operations team.
This role is ideal for engineers who are passionate about building secure, scalable systems, integrating security into development workflows, and supporting banking/financial domain applications in a cloud-native (AWS) environment.
In addition, this role will act as the local security lead for the Vietnam-based team (4–5 engineers), providing day-to-day guidance, coordination, and oversight while working closely with the client’s CISO and central security team. The role also requires proactive engagement with the wider GFT engineering community supporting one of our strategic accounts in APAC to promote secure practices and raise the overall security posture.
Key Responsibilities
• Develop and maintain security automation tools and scripts using Python to support application security and DevSecOps processes
• Perform secure code reviews across platforms (Kotlin, Node.js, Android, iOS, Python), with strong emphasis on Python-based systems
• Integrate and automate security controls into CI/CD pipelines (e.g., GitHub Actions)
• Work closely with engineering teams to embed secure coding practices into the SDLC
• Implement and manage SAST/SCA/DAST tools and automate vulnerability detection and remediation workflows
• Support API and application security (REST, GraphQL), including authentication, authorization, and encryption practices, with a focus on designing and enabling secure implementation patterns rather than direct feature development
• Enable and support penetration testing and vulnerability validation (mobile, web, APIs) by integrating and operating testing tools and services
• Enable and facilitate threat modelling (e.g., STRIDE) and risk assessment practices by building supporting frameworks, tooling, and guidelines for engineering teams
• Collaborate with infrastructure teams to ensure secure deployment on AWS cloud environments
• Contribute to application security standards, policies, and best practices aligned with OWASP
• Monitor and respond to emerging security threats, including risks related to AI-enabled systems
• Support BAU security operations, vulnerability management, and continuous improvement initiatives
• Act as the local lead for the Vietnam-based security team (4–5 engineers), providing guidance, task coordination, and quality oversight aligned with direction from the client’s CISO
• Proactively engage with GFT engineering teams in Vietnam (50+ engineers supporting our client) to share security best practices, provide advisory support, and promote secure coding and DevSecOps adoption
Required Qualifications
• 6+ years of hands-on experience in Python development (mandatory, strong coding capability is critical)
• 3-4 years of experience in application security/DevSecOps
• Experience working in banking/financial services domain
• Strong experience with AWS cloud services and cloud security practices
• Solid understanding of secure coding practices and code review methodologies
• Experience integrating security tools into CI/CD pipelines
• Familiarity with SAST/SCA/DAST tools
• Basic understanding of penetration testing concepts and tools (e.g., Burp Suite, MobSF, Frida)
• Knowledge of API security, authentication mechanisms, and cryptographic fundamentals
• Experience working in Agile/DevOps environments
Preferred Qualifications
• Experience with security automation frameworks and tooling in Python
• Exposure to AI/ML application security (e.g., prompt injection, model abuse)
• Certifications such as AWS Security Specialty, CSSLP, OSCP (optional)
• Experience with container security (Docker, Kubernetes) and IaC scanning
• Familiarity with banking security standards and compliance requirements
(Note: Due to the high volume of applications we receive, we are unable to respond to every candidate individually. If you have not received a response from GFT regarding your application within 10 workdays, please consider that we have decided to proceed with other candidates. We truly appreciate your interest in GFT and thank you for your understanding.)