Gender requirement: No restriction
Job Description:
1. Conduct security audits and perform testing of products that come into our labs, and produce the necessary reports.
2. Conduct privacy reviews based on checklists covering architecture and design, and produce the necessary reports.
3. Collaborate as a team member across business streams as a security testing SME and independently manage the security/privacy testing scope.
Job Requirements:
1. Experience in manually testing web applications or enterprise penetration testing.
2. Extensive hands-on experience with security tools such as Nessus, Fortify, WebInspect, Qualys, Burp, Rapid7, etc.
3. Strong knowledge of current security threats, trends, and mitigation.
4. Passion for discovering and researching new vulnerabilities and exploitation techniques.
5. Network and infrastructure assessment using vulnerability scanners; generate reports and propose remediation plans.
6. Familiarity with the OWASP framework and application security best practices, as well as the Top 10 threats.
7. Familiarity with mobile app security (code hardening, communication encryption, data obfuscation, etc.) and IoT product security (reverse engineering; Bluetooth, Zigbee, Z-Wave security).
8. Familiarity with PCI, GDPR, or other regulatory requirements.
9. Demonstrated familiarity with NIST Special Publication 800-53 and CVE (Common Vulnerabilities and Exposures) standards, and BSI encryption best practice.
10. Experience developing and leading technical remediation/mitigation activities for enterprise-wide issues, and providing status updates and reports. Emphasis on remediation plans and strategies.
11. Demonstrated experience with effective written and verbal communication skills: ability to prepare and present security assessment results to senior management.
12. Certified Ethical Hacker certification and/or network certification and/or CISSP/CISM certification.