Application Security Analyst

  • Ho Chi Minh City


  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
  • Perform application security testing on various types of applications such as web, APIs, mobile, etc., including the supporting infrastructure components.
  • Leverage application artifacts such as business requirements, user stories, design documents, architecture documents to understand the testing scope and create targeted security user stories or misuse cases.
  • Manage and execute security assessments for multiple projects simultaneously and ensure project timelines are met.
  • Identify opportunities for process improvements and automation.
  • Analyze source code to mitigate identified weaknesses and vulnerabilities within the system.
  • Have strong technical writing and presentation skills to report and articulate the vulnerability assessment results to any audience.
  • Identify opportunities to automate and standardize information security controls for the supported groups.
  • Resolve any vulnerabilities or issues detected in an application or infrastructure.
  • Review and validate automated testing results and prioritize actions that resolve issues based on overall risk.
  • Scan and analyze applications with automated tools, and perform manual testing if necessary.
  • Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions.
  • Direct the development and delivery of secure solutions by coordinating with business and technical contacts.
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm’s reputation and safeguarding Timo, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behaviour, conduct and business practices, and escalating, managing and reporting control issues with transparency.


  • 1+ years of security testing experience and knowledge of security tools such as Burp Suite, SonarQube, Acunetix, FSB, Flawfinder, CWE, CVE, …
  • Enterprise application development using Java technology stack with security background.
  • Advanced proficiency with Microsoft Office tools and software.
  • Consistently demonstrates clear and concise written and verbal communication.
  • Proven influencing and relationship management skills.
  • Proven analytical skills.


  • Bachelor’s degree/University degree or equivalent experience.
  • Master’s degree preferred.


  • Competitive salary
  • 13-month salary
  • Extra healthcare insurance
  • Company outing & team building
  • 15 days of annual leave
  • Data 4G allowance
  • Parking allowance
  • Taxi allowance
  • Learning & Development
  • Timo Club
  • Full time, working hours from 8:30 – 12:00 & 13:30 – 18:00 Monday to Friday weekly

Find it interesting? Apply now at: