Security Engineer, Blue Team

GRADION

full-time

Posted on: 1/14/2026

Location Type: Hybrid

Location: Ho Chi Minh City • Vietnam

✨ AI Apply

About the role

Implement defensive controls for web applications based on red team pentest findings (WAF configuration, secure headers, input validation).
Monitor web application logs to detect exploitation attempts and anomalies.
Execute incident response for web security incidents, perform root cause analysis, and validate vulnerability remediations.
Harden cloud infrastructure configurations (IAM policies, encryption, network controls) from cloud security assessment results.
Develop and maintain security monitoring playbooks, alerting rules, and remediation procedures for web/cloud environments.
Collaborate with red team during purple team exercises to validate defensive effectiveness.

At least 2 years of experience in defensive security operations or SOC analyst roles.
Strong understanding of web application security defenses (WAF, secure coding, API protection).
Experience with a SIEM platform and log analysis for threat detection.
Proficiency in cloud security services (AWS GuardDuty, Config, IAM ...or Azure/GCP equivalents).
Skilled in scripting for security automation (Python, Bash) and basic Linux/Windows administration.
Familiarity with MITRE ATT&CK framework and NIST/CIS compliance standards.
Professional certifications like CompTIA CySA+, GCIH, or cloud security certs are advantageous.

Benefits

Tip: use these terms in your resume and cover letter to boost ATS matches.

WAF configurationsecure codingAPI protectionlog analysiscloud security servicesAWS GuardDutyPythonBashLinux administrationWindows administration

incident responseroot cause analysiscollaboration

CompTIA CySA+GCIH