About

Notes: I’m open to remote opportunities or relocation to a European country.

It takes curiosity to learn and courage to unlearn. Stay enthusiastic about lifelong learning.

Stay here for some redacted information. For my full resume, please visit this link and my cover letter; if you’re interested and would like to chat, shoot me a DM or reach out via the links in the footer.

Professional Experience

2024 - 2026 | AppSec Engineer

A TechHub - Banking and Fintech Domain

Product Security ( Team size: 03 )

• Own the AppSec direction for the organization, setting priorities, driving remediation with engineering, and keeping security visible as the product scales.
• Build security into the delivery pipeline from day one automating checks across CI/CD, running threat models early in the design phase, and monitoring supply chain risks before they become incidents.
• Run penetration tests on our products and infrastructure, then stay involved through remediation rather than stopping at the report.
• Sit on the Security Architecture Review Board and pull in cross-functional teams early — threat modeling against design docs and revising data flows to close vulnerabilities at the business logic layer before they ship.
• Establish security baselines through internal audits and embed secure development practices into engineering teams in a way that reduces friction rather than slows delivery.

6 months - 2023 | R&D Security Internship based in Paris

A French Startup Company

• Implemented a commercial EDR solution (MDE) and tested its detection and prevention capabilities.
• Performed adversary emulation to simulate real attacks (Atomic Red Team, Caldera) to trigger security alerts, then analyzed results and determined proactive mitigation efforts.
• Performed penetration testing of an internal application, identifying 10+ security issues and providing prioritized recommendations to remediate vulnerabilities.

A year | Application Security Specialist

An Outsourcing Company.

• Performed security assessments for a global biopharma company, implementing SAST and SCA integrated into SDLC.
• Performed DAST assessments on web applications for a US-based client, identifying and triaging vulnerabilities by severity, and collaborating with development teams on prioritized remediation of high and medium severity findings.
• Joined as part of an R&D team, conducted PoCs and training for security products including HCL AppSec variants, Rapid7 Appspider, and others.

Nearly 3 years | Cyber Security Consultant

A Consulting Company

• Delivered penetration testing (web/mobile) services for clients across industries including banking, hospitality, oil and energy, aviation, outsourcing.
• Conducted a threat-led penetration test for a client using an internal CTI tool and OSINT that helped with initial access for the project.
• Performed risk assessments by conducting client interviews and reviewing findings using the Cyber Security Assessment Program (CPA) across 10 ITSM domains. Generated reports documenting findings, risk scores, and prioritized remediation recommendations mapped to ISO27001 and NIST frameworks.

Academic Background

Sept 2022 - Sept 2023 Université Grenoble Alpes - Institut Polytechnique de Grenoble (Greble INP - UGA), France

MSc. in Cybersecurity (Cysec - Bac +5)

Relevant Coursework

Threat and risk analysis (IT Audit), Software Security, Security Architecture, Cryptographic Engineering, Physical Security, Advanced Software Security

Sept 2016 - Sept 2020 University of Information Technology (UIT), Vietnam National University Ho Chi Minh City

Bachelor of Engineering. Information Security (Hons Program)

Achievements

• 2022 - 2023 France Excellence Scholarships, awarded by the French Embassy in Vietnam (Master’s degree level).