KỸ NĂNG
- NodeJS
- ReactJS
- NextJS
- TypeScript
MÔ TẢ CÔNG VIỆC
- Fine-tune and extend existing features on the matching platform (users ↔ care providers), working across frontend and backend.
- Read and interpret security assessment reports (database-layer and application-layer) and translate findings into concrete, working code and configuration changes.
- Implement Supabase Row-Level Security (RLS) policies, storage bucket rules, and Auth configuration fixes.
- Apply application-layer fixes on Next.js/Vercel: middleware, security headers, rate limiting, CORS configuration.
- Validate each fix using the re-validation steps included in the security reports (SQL checks, curl checks) to confirm remediation before closing an item.
- Prioritize and sequence remediation work without breaking existing functionality on a live production system handling sensitive user data.
- Collaborate with the existing dev team and communicate progress/status clearly on each finding.
- Working time: GMT+3 (2-11h VNT)
- Read and interpret security assessment reports (database-layer and application-layer) and translate findings into concrete, working code and configuration changes.
- Implement Supabase Row-Level Security (RLS) policies, storage bucket rules, and Auth configuration fixes.
- Apply application-layer fixes on Next.js/Vercel: middleware, security headers, rate limiting, CORS configuration.
- Validate each fix using the re-validation steps included in the security reports (SQL checks, curl checks) to confirm remediation before closing an item.
- Prioritize and sequence remediation work without breaking existing functionality on a live production system handling sensitive user data.
- Collaborate with the existing dev team and communicate progress/status clearly on each finding.
- Working time: GMT+3 (2-11h VNT)
YÊU CẦU CÔNG VIỆC
- 6–8 years of hands-on fullstack experience, with strong proficiency in React/Next.js and Node.js/TypeScript.
- Solid hands-on experience with Supabase (or equivalent Postgres-based BaaS): Row-Level Security policies, Auth (GoTrue), Storage, PostgREST.
- Working knowledge of PostgreSQL: writing and reading SQL directly, understanding pg_policies, pg_tables, and RLS mechanics.
- Experience deploying and configuring apps on Vercel: Edge Middleware, next.config.js headers, caching behavior.
- Solid understanding of web application security fundamentals: JWT/session handling, CORS, CSRF, rate limiting, secure cookie attributes.
- Ability to read a technical security report (findings, CVSS scores, evidence, remediation SQL) and independently execute the fix.
- Comfortable working directly against a live production environment with sensitive data, with care and without unnecessary risk.
Nice to Have
- Prior experience remediating findings from a Burp Suite / OWASP ZAP / Postman security assessment.
- Experience in healthcare or another regulated/sensitive-data domain.
- Familiarity with basic security testing tools (curl-based API testing, psql) to self-verify fixes.
- Solid hands-on experience with Supabase (or equivalent Postgres-based BaaS): Row-Level Security policies, Auth (GoTrue), Storage, PostgREST.
- Working knowledge of PostgreSQL: writing and reading SQL directly, understanding pg_policies, pg_tables, and RLS mechanics.
- Experience deploying and configuring apps on Vercel: Edge Middleware, next.config.js headers, caching behavior.
- Solid understanding of web application security fundamentals: JWT/session handling, CORS, CSRF, rate limiting, secure cookie attributes.
- Ability to read a technical security report (findings, CVSS scores, evidence, remediation SQL) and independently execute the fix.
- Comfortable working directly against a live production environment with sensitive data, with care and without unnecessary risk.
Nice to Have
- Prior experience remediating findings from a Burp Suite / OWASP ZAP / Postman security assessment.
- Experience in healthcare or another regulated/sensitive-data domain.
- Familiarity with basic security testing tools (curl-based API testing, psql) to self-verify fixes.
QUYỀN LỢI
- Receive 100% salary from the onboarding date.
- Participate in company activities: Teambuilding, travel and other activities.
- Work with large and advanced systems, have the opportunity to develop comprehensive technology skills with complex problems, requiring high accuracy.
- Participate in company activities: Teambuilding, travel and other activities.
- Work with large and advanced systems, have the opportunity to develop comprehensive technology skills with complex problems, requiring high accuracy.
MỨC LƯƠNG
up to 38 triệu
work
Loại hình làm việc :
Remote
event
Hạn ứng tuyển:
13/07/2026
date_range
Kinh nghiệm:
3 năm
school
Học vấn:
Không yêu cầu
people
Số lượng:
1
switch_account
Cấp bậc:
Senior
Hỗ trợ ứng tuyển
email
quynhttd@hatonet.com
Việc khác cùng kỹ năng