Key Responsibilities

Information Security

• Develop and maintain information security policies, standards, and procedures in compliance with ISO 27001, NIST, GDPR, and other frameworks.

• Conduct periodic security risk assessments and propose risk mitigation plans for the entire IT infrastructure and enterprise data.

• Perform vulnerability assessments and penetration tests on applications, internal systems, APIs, and AI pipelines.

• Participate in evaluating and consulting on security from the design phase of new systems (security by design).

• Coordinate incident response for information security breaches, including forensic analysis, root cause investigation, and recovery.

• Collaborate with legal, operations, and HR departments to implement security awareness training programs.

• Monitor emerging attack trends targeting data systems, AI, and cloud environments to promptly update protection strategies.

• Ensure the integrity, confidentiality, and availability of the organization’s critical information assets.

Network Security

• Design, configure, and manage network security devices such as firewalls (e.g., Palo Alto, Fortinet), IDS/IPS, VPNs, proxies, and DDoS protection systems.

• Monitor network activity via SIEM platforms to detect anomalies, unauthorized access, or cyberattacks.

• Analyze system logs and network traffic to investigate threats and conduct real-time incident responses.

• Implement network segmentation, internal access control, Zero Trust architecture, and protection for sensitive data zones.

• Support infrastructure deployment and security for AI systems, cloud platforms, and DevOps pipelines in hybrid environments.

• Track network security KPIs and recommend improvements and upgrades to defenses based on emerging risks.

• Conduct regular reviews of network security configurations and assist with internal/external audit assessments.

Carry out other tasks as assigned by upper management or the Group Leadership.

Job Requirements

• Age: 28–35 years old

• Education: Bachelor’s degree in Information Technology, Information Security, or a related field

• Experience: Minimum 5 years of professional experience in Information Security and/or Network Security

• Technical Knowledge:

  • Strong understanding of network architectures and protocols: TCP/IP, DNS, routing, switching, VPN, NAT

  • Hands-on experience with SIEM, EDR, firewalls, IDS/IPS, DLP, MFA systems

  • Capable of performing security testing, vulnerability analysis, and incident investigation (incident handling & forensics)

• Certifications (Preferred):

  • International certifications such as CISSP, CISM, CEH, OSCP, CCNP Security, ISO 27001 Lead Auditor

• Language Skills:

  • Good reading comprehension of technical English documents

  • Able to communicate with specialized partners

Authority

1. Proactively resolve issues related to assigned tasks

2. Propose measures and solutions for professional operations

3. Request relevant documents and information from departments, divisions, or units

4. Decline any assignments that violate Group regulations or the law

5. Be fully responsible for maintaining information security, ensuring absolute accuracy, and accepting accountability for any consequences (if any) arising from tasks and delegated authority

• Competitive salary based on competence, project performance bonuses.
• Professional working environment with clear career advancement paths.
• Opportunities to access and implement large-scale projects using advanced technology.
• Participation in internal training courses, technical workshops, and long-term learning support.