高级系统安全工程师

351 天前
 zbd123

岗位关键字:安全攻防,漏洞识别,漏洞防护,容器扫描

岗位职责:

  1. 负责集团和各产品线的安全规范制定、安全技术评估、设计和支持;
  2. 制定集团/产品线级安全设计指标和质量评估标准,制定安全相关静态代码检查规则,验证产品的安全性;
  3. 设计并指导安全特征实现,组织指导研发团队进行威胁建模,制定安全保障策略;
  4. 关注业界安全动态,负责产品安全需求与技术跟踪,及时应对安全风险。 任职资格:

要求

  1. 熟悉常见的系统、网络、应用攻击技术原理及防御加固方案;
  2. 熟悉流行的虚拟化技术、分布式计算、SDN 等技术原理、安全风险及加固方案;
  3. 熟悉公有云和平台安全防护设计和产品服务
  4. 熟悉行业内主流安全产品的设计和厂商
  5. 熟悉等保等安全规范,能够针对客户提出的等保需求,给出针对性建议和方案
  6. 能够从客户业务需求出发,给出具体客户安全加固的落地方案
  7. 在 Web 应用安全、移动 APP 安全、主机系统安全、网络安全、攻击检测与防御至少两方面有较深入的研究和实践
  8. 具备防火墙、web 应用防火墙( WAF )、审计等产品全生命周期设计、开发管理经验优先,持有 BIP 证书者优先
  9. 英文能沟通,书面和口语,偶然口语

加分项:

1.熟悉 X86/ARM/ARM64 等任一体系结构,熟悉硬件安全机制如 TrustZone ,SGX 等 2.熟悉 Linux/Android/QNX/FreeRTOS 等任一操作系统,对操作系统的安全机制有深入了解"

最后:

英文简历 不用考试 USDT 先,后面会考虑在国内开实体

monagh2020@outlook.com

1691 次点击
所在节点    酷工作
8 条回复
zbd123
351 天前
About company/Team
We're an innovative B2B SaaS company with a line of products and services (affiliate management, back-office systems, payments, security and business intelligence). As a cutting-edge technology firm, we are dedicated to safeguarding company/customer digital assets and ensuring the highest standards of cybersecurity. We are seeking a skilled and experienced Security Expert specializing in penetration testing / hacking to join our dynamic team.

If you're a standout pen-tester/hacker who thrives on conquering challenges and achieving success, we invite you to join our team.

A special request
After you have carefully read the vacancy details, please fill in the short form at the end of this post and we'll proceed from there. Thank you.
Position Description (fulltime, remote, longterm)
If you are a talented pen-tester/hacker with 5+ of hacking experience, including indepth understanding of system engineering, experience building botnets, reverse sock5 proxies and using metasploit along with other standard tools, read on.
As a Security Expert, you will be responsible for conducting penetration tests, implementing advanced security measures, and fortifying our systems against potential threats. You will play a crucial role in maintaining the integrity and resilience of our digital infrastructure.

Responsibilities:
Penetration Testing: Conduct thorough and comprehensive penetration tests to identify vulnerabilities and weaknesses in our systems.
Security Assessments: Perform in-depth security assessments to evaluate and enhance our overall cybersecurity posture.
Anti-Hacking Practices: Implement and refine advanced anti-hacking practices to protect against evolving cyber threats.
Security Architecture: Contribute to the design and implementation of robust security architecture for our systems.
Incident Response: Develop and execute incident response plans, ensuring rapid and effective response to security incidents.
Security Awareness: Foster a culture of security awareness among team members and provide training as needed.
Collaboration: Work closely with cross-functional teams to integrate security measures seamlessly into our technology stack.
Research and Development: Stay abreast of the latest cybersecurity trends, emerging threats, and technological advancements to continuously enhance our security protocols.
Documentation: Maintain detailed documentation of security processes, procedures, and test results.
Compliance: Ensure compliance with relevant industry standards and regulations related to cybersecurity.

Qualifications:
Deep understanding of multiple Operating Systems - Unix/Linux, Windows, etc
Indepth understanding of computers, system engineering and networking
Proven experience in developing botnets
Runing scripts on endpoints
Proficiency in various anti-hacking practices and tools like Metasploit, Intruder etc
Proven experience in performing penetration tests and security assessments
Advanced knowledge of cybersecurity principles, protocols, and technologies.
Familiarity with industry standards and compliance requirements
Strong analytical and problem-solving skills
Excellent communication and interpersonal skills
Relevant certifications such as CISSP, CEH, or OSCP are highly desirable
Bachelor's degree in Computer Science, Information Security, or a related field.

Additional Instructions
USDT 2500-5000
BadFox
351 天前
第一次听说 BIP 证书...你指的是 BIP cybersec 的证书?
zbd123
350 天前
@BadFox 看英文的中文的初稿不用看。
wangkai0351
349 天前
个人看法,工作职责和薪资不匹配,看工作职责我认为这是一个团队的工作量
zbd123
348 天前
@wangkai0351 不是一个人的
BadFox
348 天前
@zbd123 你这英文中文压根不是一个岗啊,中文是安全运营,英文是 pen tester ,区别好大。
leadwkor1
348 天前
你这中文 jd ,怎么岗位职责像是甲方,岗位要求看着又像是乙方
zbd123
347 天前
@leadwkor1 以英文为准啊。有兴趣不

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/1005920

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX