About
It takes curiosity to learn and courage to unlearn. Stay enthusiastic about lifelong learning.
Some information here is redacted. For the full resume, shoot me a DM or reach out via the links in the footer.
Professional Experience
2024 - present
| AppSec Engineer
A TechHub - Banking and Fintech Domain
- Conducted several internal security audits, establishing a strong security baseline for a rapidly growing fintech startup, and reducing critical vulnerabilities by 80% in key systems within 6 months.
- Collaborated with cross-functional teams (Solution Architects, Developers, and Business Analysts) to identify and address 50+ security gaps through threat modeling and reviews of design documents (FSD, TSD). Revised the data flow to align with security best practices, reducing vulnerabilities in business logic.
- Drove the adoption of user-centric security practices across multiple engineering teams, enhancing the secure development lifecycle and reducing friction during feature delivery.
- Owned product security for retail digital banking, cutting 80% of major gaps and keeping new feature issues under 10% through secure SDLC practices.
6 months - 2023
| R&D Security Internship based in Paris
A French Startup Company
- Implemented a commercial EDR solution (MDE) and tested its detection and prevention capacity.
- Performed adversary emulation to simulate real attacks (Atomic Red Team, Caldera) in order to trigger security alerts, then analyzed and determined proactive mitigation efforts.
- Performed penetration testing of an internal application, identifying 10+ security issues and providing prioritized recommendations to remediate vulnerabilities.
A year
| Application Security Specialist
An Outsourcing Company.
- Performed security assessments for a global biopharma company, implementing SAST and SCA integrated into SDLC.
- Performed quarterly Dynamic Application Security Testing (DAST) scans for 150+ internal web apps of a US-based client, identifying 200 vulnerabilities on average, including on-demand scanning. Created tickets and provided prioritized recommendations to resolve all high and medium severity issues with the developer team.
- As part of an R&D team, conducted PoCs and training for security products including HCL AppSec variants, Rapid7 Appspider …
Nearly 3 years
| Cyber Security Consultant
A Consulting Company
- Delivered penetration testing (web/mobile) services for clients across industries including banking, hospitality, oil and energy, aviation, outsourcing.
- Conducted a threat-led penetration test for a client, using an internal CTI tool and OSINT, which helped with initial access on the project.
- Performed risk assessments by conducting client interviews and reviewing findings using the Cyber Security Assessment Program (CPA) across 10 ITSM domains. Generated reports documenting findings, risk scores, and prioritized remediation recommendations mapped to ISO27001 and NIST frameworks.
Academic Background
Sept 2022 - Sept 2023
Université Grenoble Alpes - Institut Polytechnique de Grenoble (Grenoble INP - UGA), France
MSc. in Cybersecurity (Cysec - Bac +5)
Relevant Coursework
Threat and risk analysis (IT Audit), Software Security, Security Architecture, Cryptographic Engineering, Physical Security, Advanced Software Security
Sept 2016 - Sept 2020
University of Information Technology (UIT),
Vietnam National University Ho Chi Minh City
Bachelor of Engineering. Information Security (Hons Program)
Achievements
2022 - 2023
France Excellence Scholarships, awarded by the French Embassy in Vietnam (Master’s degree level).