About
Notes: I’m open to remote opportunities or relocation to a European country. I’m also eligible for a French Job Seeker Visa and the EU Blue Card pathway.
It takes curiosity to learn and courage to unlearn. Stay enthusiastic about lifelong learning.
Stay here for some redacted information. For my full resume, please visit this link and my cover letter; if you’re interested and would like to chat, shoot me a DM or reach out via the links in the footer.
Professional Experience
2024 - present | AppSec Engineer
A TechHub - Banking and Fintech Domain
- Conducted several internal security audits, establishing a strong security baseline for a rapidly growing fintech startup, and reducing critical vulnerabilities by 80% in key systems within 6 months.
- Collaborated with cross-functional teams (Solution Architects, Developers, and Business Analysts) to identify and address 50+ security gaps through threat modeling and reviews of design documents (FSD, TSD). Revised the data flow to align with security best practices, reducing vulnerabilities in business logic.
- Drove the adoption of user-centric security practices across multiple engineering teams, enhancing the secure development lifecycle and reducing friction during feature delivery.
- Owned product security for retail digital banking, cutting 80% of major gaps and keeping new feature issues under 10% through secure SDLC practices.
6 months - 2023 | R&D Security Internship based in Paris
A French Startup Company
- Implemented a commercial EDR solution (MDE) and tested its detection and prevention capabilities.
- Performed adversary emulation to simulate real attacks (Atomic Red Team, Caldera) to trigger security alerts, then analyzed results and determined proactive mitigation efforts.
- Performed penetration testing of an internal application, identifying 10+ security issues and providing prioritized recommendations to remediate vulnerabilities.
A year | Application Security Specialist
An Outsourcing Company.
- Performed security assessments for a global biopharma company, implementing SAST and SCA integrated into SDLC.
- Performed Dynamic Application Security Testing (DAST) scans for 150+ internal web apps of a US-based client quarterly, identifying an average of 200 vulnerabilities, including on-demand scanning. Created tickets and provided prioritized recommendations to resolve all high and medium severity issues with the developer team.
- As part of an R&D team, conducted PoCs and training for security products including HCL AppSec variants, Rapid7 AppSpider, and others.
Nearly 3 years | Cyber Security Consultant
A Consulting Company
- Delivered penetration testing (web/mobile) services for clients across industries including banking, hospitality, oil and energy, aviation, and outsourcing.
- Conducted a threat-led penetration test for a client using an internal CTI tool and OSINT that helped with initial access for the project.
- Performed risk assessments by conducting client interviews and reviewing findings using the Cyber Security Assessment Program (CPA) across 10 ITSM domains. Generated reports documenting findings, risk scores, and prioritized remediation recommendations mapped to ISO27001 and NIST frameworks.
Academic Background
Sept 2022 - Sept 2023
Université Grenoble Alpes - Institut Polytechnique de Grenoble (Grenoble INP - UGA), France
MSc. in Cybersecurity (Cysec - Bac +5)
Relevant Coursework
Threat and risk analysis (IT Audit), Software Security, Security Architecture, Cryptographic Engineering, Physical Security, Advanced Software Security
Sept 2016 - Sept 2020
University of Information Technology (UIT),
Vietnam National University Ho Chi Minh City
Bachelor of Engineering. Information Security (Hons Program)
Achievements
2022 - 2023 | France Excellence Scholarships, awarded by the French Embassy in Vietnam (Master’s degree level).