Trần Đặng Hồng Loan
Ho Chi Minh City
Summary
Penetration Tester with over 2 years of experience in security assessments for Web, API, and Mobile (Android & iOS) platforms, specifically within the financial sector. Proven track record in executing end-to-end testing for lending products, from static analysis to runtime exploitation. Currently pursuing a Master’s in Information Security at UIT to deepen research methodologies in offensive security and emerging threats.
Overview
2
2
years of professional experience
4
4
Certifications
Work History
Senior Penetration Tester
HD SAISON Finance Co., Ltd
Ho Chi Minh
12.2025 - Current
- Mobile Assessment: Performed deep-dive pentests on Android and iOS financial apps, focusing on lending logic and transaction integrity.
- Runtime Manipulation: Utilized Frida and Objection to bypass SSL Pinning, Root/Jailbreak detection, and analyze app behavior at runtime.
- Technical Testing: Conducted manual testing on Mobile Backend APIs using Burp Suite to identify insecure endpoints and data leakage.
- Code Review: Analyzed source code (Java/Swift) to identify hardcoded secrets, weak cryptography, and insecure data storage.
- Reporting & Collaboration: Delivered technical reports with PoC exploits and worked directly with developers to verify fixes.
Cybersecurity Associate
PwC Vietnam
Ho Chi Minh city
01.2025 - 11.2025
- Vulnerability Assessment: Conducted penetration testing for web applications and mobile backend APIs, providing technical remediation guidance.
- Risk & Compliance: Supported risk assessments and technical audits for data protection (GDPR/Local laws), focusing on encryption standards.
- Social Engineering: Coordinated authorized phishing simulations to evaluate organizational resilience and human-factor risks.
- Security Research: Investigated emerging attack vectors to improve internal assessment methodologies and client defense strategies.
Blockchain Engineering Intern
AlphaTrue
Ho Chi Minh city
03.2024 - 06.2024
- Conducted research on security systems for Basal Wallet, Vietnam’s first licensed tokenized asset project, enhancing wallet security and user trust.
- Authored technical blogs on Zero-Knowledge Proofs (ZKP) and researched smart contract development.
- Explored DeFi protocols and ZK-SNARKs to support secure decentralized applications and improve digital privacy.
- Assisted in the development of Polkadot parachains and Binance futures trading bots through implementation and testing.
Education
Bachelor of Science - Information Security
University of Information Technology
Ho Chi Minh City, Viet Nam08-2024
Master of Science - Computer And Information Systems Security
VNUHCM - University of Information Technology
VietNamSkills
- Web & Mobile Pentesting
- Runtime manipulation (Frida/Objection)
- Security mechanism bypassing
- Reverse engineering
- API security testing
- Static application security testing (SAST)
- OWASP Mobile Top 10
- Technical reporting and PoC
- Automation scripting (Python/Bash)
- Vulnerability Research
Certification
Web penetration testing course, Cyberjutsu, 01/07/25
Timeline
Senior Penetration Tester
HD SAISON Finance Co., Ltd
12.2025 - Current
Cybersecurity Associate
PwC Vietnam
01.2025 - 11.2025
Blockchain Engineering Intern
AlphaTrue
03.2024 - 06.2024
Bachelor of Science - Information Security
University of Information Technology
Master of Science - Computer And Information Systems Security
VNUHCM - University of Information Technology