Secure Software Development Life Cycle (S-Sdlc) Cybersecurity Engineer - Information Security

• Participate in implementing Secure Software Development Life Cycle (SDLC), produce security solutions and security test reports, provide advice in patching vulnerabilities, and follow up with risk mitigation.
• Embed security principles into the design of system architectures to mitigate the risks posed by new technologies and business practices.
• Design artifacts, spanning design, development, and implementation, into enterprise systems that describe security principles and how they relate to the overall enterprise system architecture.
• Evaluate the risk points of common application frameworks and develop security solutions to provide security support for each business line.

• Bachelor's degree in Computer Science, Engineering, or related fields.
• More than 5 years of relevant work experience.
• Familiar with OWASP TOP 10 vulnerabilities, and have a deep understanding of the principle, utilization, patching, and reinforcement of various vulnerabilities.
• Familiar with the enterprise's SDLC process implementation, have work experience in building secure SDLC for IT companies, and have been in charge of secure SDLC for a large dev team.
• Familiar with black box testing methods and paths, able to independently complete source code auditing work, have hands-on experience in security design checklist.
• Familiar with at least one programming language such as Java, Python, PHP, Go, C, etc., and proficient in reading design documents and related codes.
• Having an understanding of common business logic vulnerabilities such as authentication, ultra vires, and tampering, and experiences independently exploring business logic vulnerabilities would be a bonus.
• Extensive experience in vulnerability mining, code auditing, and security solutions.
• Experience in vulnerability mining at the framework level.

Preferred Experience

• Having been credited to high-risk CVEs for well-known projects.
• Having contributed to the development of open-source projects. Experience working in team collaborative development and familiar with development tools.
• Fluent English communication skills for effective collaboration with multinational teams.