Job Description:
- Participate in implementing the Secure Software Development Life Cycle (SDLC), produce security solutions and security test reports, provide advice on patching vulnerabilities, and follow up on risk mitigation
- Evaluate the risk points of common application frameworks and develop security solutions to provide security support for each business line
- Embed security principles into the design of system architectures to mitigate the risks posed by new technologies and business practices
- Design artifacts for enterprise systems, spanning design, development and implementation, that describe security principles and how they relate to the overall enterprise system architecture
- Perform routine activities related to the periodic review and audit of infrastructure security systems
Requirements:
- Bachelor’s degree or higher in Computer Science, Information Technology, Programming & Systems Analysis, Engineering, or other related fields
- Minimum 3 years of work experience in cybersecurity-related positions
- Familiar with the OWASP Top 10 vulnerabilities, with a deep understanding of the principles, exploitation, patching and hardening of various vulnerabilities
- Familiar with enterprise SDLC process implementation and building secure SDLC for IT companies, and have been in charge of secure SDLC for a large dev team
- Familiar with black box testing methods and paths, and able to independently complete source code auditing work
- Hands-on experience with security design checklists
- Familiar with at least one programming language such as Java, Python, PHP, Go, C, etc., and proficient in reading design documents and related code
Preferred Experience:
- Credited with high-risk CVEs in well-known projects
- Contributions to the development of open-source projects. Experience in collaborative team development and familiarity with development tools
- Fluent English communication skills for effective collaboration with multinational teams