Job Description
- Participate in implementing a Secure Software Development Life Cycle (SDLC), produce security solutions and security test reports, provide advice on patching vulnerabilities, and follow up on risk mitigation.
- Embed security principles into the design of system architectures to mitigate the risks posed by new technologies and business practices.
- Design artifacts for enterprise systems, spanning design, development, and implementation, that describe security principles and how they relate to the overall enterprise system architecture.
- Evaluate the risk points of common application frameworks and develop security solutions to provide security support for each business line.
Requirements:
- Bachelor's degree in Computer Science, Engineering, or related fields.
- More than 5 years of relevant work experience.
- Familiar with the OWASP Top 10 vulnerabilities, with a deep understanding of the principles, exploitation, patching, and hardening of various vulnerabilities.
- Familiar with the enterprise's SDLC process implementation, have work experience in building secure SDLC for IT companies, and have been in charge of secure SDLC for a large dev team.
- Familiar with black box testing methods and paths, able to independently complete source code audits, with hands-on experience in security design checklists.
- Familiar with at least one programming language such as Java, Python, PHP, Go, C, etc., and proficient in reading design documents and related code.
- An understanding of common business logic vulnerabilities such as authentication flaws, broken access control (privilege escalation), and tampering, along with experience independently discovering business logic vulnerabilities, would be a bonus.
- Extensive experience in vulnerability research, code auditing, and security solutions.
- Experience in vulnerability research at the framework level.
Preferred Experience
- Having been credited with high-risk CVEs in well-known projects.
- Having contributed to the development of open-source projects. Experience with collaborative team development and familiarity with development tools.
- Fluent English communication skills for effective collaboration with multinational teams.