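Industry: | Computer software |
Date posted: | 2015-12-22 | Work location: | Xiamen | Number of openings: | Several |
Education: | Foreign language: | English |
Work experience: | 3 years or more | Salary range: |
Job description: |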
Responsibilities:
- Build and facilitate company-wide security architecture practice and secure software development programs
- Develop and execute application security roadmap that aligns with technical and business risk, including identifying threats and potential areas for abuse in applications, specifying solutions, verifying through testing, and determining the necessary level of architecture activity and project oversight based on risk
- Translate security requirements into architectures and specific technology implementations
- Build re-usable security libraries and other components for Engineering teams to use in their development work
- Assist Engineering teams with code review and code security
- Assist QA in developing security test cases
- Analyze and tune web application firewall (WAF) alerts
- Develop presentations, diagrams and documentation to communicate security topics, and design requirements that bring clarity to technical and non-technical audiences
- Drive security requirements through designing and building prototypes, proofs of concept, ensuring architecture sign offs, delivering design documents and standards, and creating user stories
- Work with Engineering to embed secure development practices and lead projects to select and deploy developer tools
- Develop key indicators of malicious activities and ensure mitigation and detection measures are designed and built into applications
- Develop security metrics and measurement for application security, security architecture, and SDL security activities
- Design and implement automation for repetitive security tasks
- Mentor other technical team members and help train security advocates in developer teams
- Participate in tier 4 security escalation support
- Maintain strong knowledge of common security vulnerabilities, attack vectors, attack methods, and remediation techniques

Position Requirements:
- Degree in CS, EE or other Engineering Program.
- 5+ years combined experience with both a detailed technical knowledge and hands-on practice working in security architecture, application and network penetration testing, secure software development and/or QA
- Advanced knowledge of web architectures, web applications, REST APIs, mobile applications, desktop applications, Unified Communications (including VoIP and SMS), and the underlying technology of cloud infrastructure
- Detailed knowledge of cloud VoIP, web, mobile, and client application security vulnerabilities, attack methods, and countermeasure techniques
- Experience with a broad range of attack classes and malware, their workings, and propagation methods
- Experience securing platform web APIs
- Experience securing development environments in inter-company and ODC / partner environments
- Experience leading code reviews, pen-tests, or similar projects
- Experience deploying and using a wide selection of open source and commercial security development and testing tools (code scanners, fuzzing, using proxies in security testing, etc.)
- Experience building security testing tools and scripts for specific environments and use cases, and the ability to craft proof of concept exploits to demonstrate issues
- Experience bringing security designs and secure development practices into Agile development environments, QA teams, and Product, through implementation (MRDs, PRDs, coding style guides, user stories, technical specifications, verification and testing methods, etc.)
- Expert knowledge of secure application architectures, encryption technologies, cryptography and key management, authentication and control of application permissions, and implementation of same
- Knowledge of network, VoIP and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, SIP, RTP) and security capabilities
- Knowledge of web, VoIP and mobile application development and programming languages including Java, C++, Objective C.
- Previous programming experience, and experience working with product managers, QA teams, and application developers
- Knowledge of e-commerce payment systems (credit card, debit card, bank transfers)
- Knowledge of security bug classification frameworks such as CVSS and DREAD, and experience applying security bug classification methods in development and QA
- Excellent technical documentation skills
- Ability to perform threat modeling or use other risk identification techniques
- Results driven, creative, professional, persistent, quality oriented, and self-motivated work style. Must be able to prioritize and manage their projects and workload
- Experience working with global teams and ability to work global hours when necessary, including U.S., EU, and APAC time zones
- Fluency in Mandarin and English (written and verbal)

Desired Qualifications:
- Experience with Oracle, MongoDB, EMC, NetApp, Juniper NetScreen firewalls, Acme SBCs, and VMware vSphere (vCenter, vCenter Ops, ESXi, Linux, Windows, and Macintosh OS)
- Experience with payment fraud and toll fraud
- Strong industry relationships, has conducted industry research, and has a history of presenting their research at security conferences
- Experience with PCI, Sarbanes Oxley, SSAE-16 SOC controls, ISO 27001/27002, NIST 800-53, FEDRAMP and other security frameworks
- Knowledge of CPNI and global privacy regulations
- Security certifications such as CISSP, Certified Ethical Hacker, and SANS GIAC (GPEN, GWAPT, GXPN, GSSP-Java, GWEB, or GSE)
- Russian language skills (written and verbal)
Contact person: |
E-mail: | hr@100cheer.cn |