Security engineer helping SaaS and fintech teams reduce risk and ship safely

I work across cloud security (AWS, GCP), web and API security, penetration testing, Kubernetes, and DevSecOps. I secure infrastructure, validate real attack paths, and deliver remediation plans teams can implement—so you ship safely and stay audit-ready.

Consulting: Hien Nguyen Cybersecurity — services, case studies, reports, and blog.

Cloud (AWS/GCP) · Web & API security · Penetration testing · Kubernetes · DevSecOps · Compliance (SOC 2, ISO 27001, PCI)

Remote, EU timezone · Response within 24–48 hours · Fixed quote after scope

  • Find and fix critical attack paths
  • Cloud & app security for SaaS and fintech
  • DevSecOps and audit-ready controls
  • Clear remediation plans and executive summaries

About

I'm a security engineer with 7+ years in offensive security, cloud security (AWS/GCP), and DevSecOps. I help SaaS and fintech teams reduce risk and ship safely—through audits, penetration testing, and security architecture. For more on background and approach, see About on the consulting site.

Specialization

My work spans application security, cloud security, and delivery pipelines — focused on practical outcomes for product and engineering teams.

Web & API security

Auth/authz review, OWASP-focused testing, and developer-ready findings.

Cloud security (AWS/GCP)

IAM design, exposure review, logging/monitoring readiness, and scalable guardrails.

Kubernetes & container security

Cluster and workload hardening, isolation, secrets handling, and deployment risks.

DevSecOps / CI-CD security

Secure pipelines, dependency trust, secrets management, and release controls.

Security architecture for SaaS

Threat modeling, multi-tenant patterns, and compliance-aware control choices.

Proof of experience

  • Worked in production environments for SaaS, fintech, and high-throughput systems
  • Secured APIs and web apps handling sensitive customer data and business-critical workflows
  • Reviewed and hardened AWS/GCP accounts: IAM, storage, networking, logging, and monitoring
  • Collaborated with engineers through tickets and PRs to drive fixes to completion
  • Supported audit readiness by mapping controls to real engineering practices (not just documentation)

Impact / results

Critical attack paths

Identified and validated exploitation paths with clear impact and practical fixes.

API authorization flaws

Found role boundary and access-control issues and helped teams close them with re-testable remediation.

Cloud misconfiguration risk

Reduced exposure from public access and over-permissive IAM; improved logging and alerting posture.

Audit readiness outcomes

Helped teams move toward SOC 2 / ISO 27001 readiness with engineering-friendly evidence and control choices.

Tools & technologies

Cloud

AWS · GCP · IAM · Networking · Logging

Application security

Web APIs · OWASP · Threat modeling

Detection & monitoring

Telemetry · Alerting · Signal quality · Incident readiness

Automation

CI/CD · Policy-as-code · Secrets · Release controls

Security philosophy

I focus on security that holds up in real engineering environments: fast shipping, multiple environments, legacy constraints, and limited time.

  • Risk-based, not checklist-based: prioritize what can realistically be exploited and what has business impact.
  • Evidence over opinions: demonstrate attack paths and misconfigurations clearly, then map fixes to concrete actions.
  • Fixes teams can maintain: guardrails and patterns that reduce repeated work, not one-off hardening.
  • Security as an engineering partner: decisions that respect product timelines while improving baseline security over time.

Research & writing

Selected writeups and deliverable examples live on Hien Nguyen Cybersecurity.

For recruiters & clients

For recruiters & hiring managers

Hiring for Security Engineer, Security Researcher, AppSec, Cloud Security, or DevSecOps? I have 7+ years across offensive security, cloud (AWS/GCP), and application security. Evidence: Research Index, case studies, and blog. Remote, EU timezone. Happy to discuss fit and share a CV.

Contact

Available: Remote, Europe

Response time: Within 24–48 hours

What to include

  • Company / project
  • Engagement type (e.g. audit, testing, advisory)
  • Scope (apps, environments, compliance goals)
  • Timeline and deadlines

Quick Security Advice

Professional micro-consulting for focused outcomes. Calm, practical guidance without the overhead of a full engagement.

Cybersecurity Career Advice

€20 / hour

Best for: students and early professionals

  • What to learn next (roadmap)
  • CV / LinkedIn feedback
  • Interview preparation pointers

Security Consultation

€60 / hour

Best for: individuals and small teams

  • Cloud/App security Q&A
  • Architecture second opinion
  • Next steps & remediation plan

Remote, EU timezone • Response within 24–48 hours • Fixed quote for larger engagements