Security Engineer

深圳保诚科技有限公司

  • Company type: Foreign-owned (Europe/US)
  • Industry: Finance/Investment/Securities

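Job Information

  • Posted: 2020-10-22
  • Location: Shenzhen, Nanshan District
  • Openings: 1
  • Work experience: 5-7 years
  • Education: Bachelor's degree
  • Language: Fluent English
  • Salary: 300,000-500,000 per year
  • Job category: Network Security Engineer, Other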

Job Description

Job Purpose
The Security Engineer provides the technical leadership required to assess Web, Mobile, and Thick-Client applications and Application Programming Interfaces (APIs) for exploitable vulnerabilities, and guides development teams in fixing them in a strategic manner. The Security Engineer will stay informed of advances in DevSecOps tools, techniques and procedures, as well as various attacker techniques, and provide feedback for improvements to tools and processes as needed. The Security Engineer ensures that processes and procedures are efficient and compliant with standards. The Security Engineer ensures that all reports and metrics accurately document the details of vulnerabilities, their potential impact, and the suggested remediation needed to manage risk. Additionally, the Security Engineer leads efforts and engagements with third-party vendors when required to ensure that the company's overall security posture is sound. Coordinates with other departments and teams across Business Units (BUs) to evolve information security alignment with company goals and objectives.

Essential Job Duties & Responsibilities
  • Performs security reviews of architecture, application design, and source code.
  • Performs remediation testing and reporting through the application of penetration techniques in a fast-paced, highly technical environment.
  • Develops scripts and integration code to ensure the DevSecOps tools work together and provide value to development teams.
  • Analyzes application (e.g. Mobile, Web, backend, etc.) security tool scan results and advises Development teams on strategically resolving identified issues.
  • Performs static and dynamic application security testing with automated tools and manual techniques.
  • Identifies, develops, and documents in detail security issues and recommendations.
  • Coordinates with other functional groups involved in Information Security, Risk, Security Architecture and Software Development teams.
  • Conducts threat analysis and threat modeling, as well as creation of misuse cases and definition of threat actors for systems, in a manner suited to an agile way of application development.
  • Assists with Proof of Concept (PoC), technical evaluation, procuring, managing, and configuring Application Security tools in various environments.
  • Performs research of emerging technologies and design frameworks and capabilities required to guide development teams on new technologies adopted by the company.
  • Creates or maintains necessary DevSecOps processes and documentation.
  • Provides ad hoc reports as directed by leadership.
  • Leads security improvement projects that include departments outside information security.
  • Works, as necessary, alongside the company's Security Operation Center (SOC) staff to build new monitoring capabilities based on threats and Red Team / Pentesting findings.
  • Maintains confidentiality on all sensitive security matters.

Other Duties
  • Other duties as assigned.

Knowledge, Skills & Abilities
  • Extensive experience working in at least 1 DevSecOps area: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Container Security (CSec), Software Composition Analysis (SCA).
  • Familiar with vulnerability assessment processes, penetration testing techniques and audit procedures.
  • Well versed in web, mobile and native application exploitation (Buffer Overflows, SQL injection, cross-site scripting, click-jacking, etc.).
  • Ability to work at a senior level when executing and improving work processes to ensure achievement of business goals.
  • Experience working with at least one cloud service provider (AWS, Azure, GCP, etc.). Azure experience is a big plus.
  • Experience with information security control practices and frameworks is strongly preferred.
  • Experience in multiple development languages would be advantageous.
  • Extensive understanding of cryptographic concepts and applied cryptography.
  • Proficiency in one or more scripting languages (Perl, Python, Shell Scripting, etc.).
  • Extensive knowledge of data security and privacy related regulations relevant to Business Units (BUs).
  • Excellent written and verbal communication skills (in English).
  • Excellent applied critical thinking and troubleshooting skills.
  • Requires comprehensive knowledge and mastery in assigned areas, applying skills and competencies in challenging and complex situations.
  • Ability to work independently and in a team environment.
  • Experience leading projects and team activities.

Education and Experience
  • Bachelor's degree or equivalent work experience.
  • 3-5 years of increasing responsibility in Information Technology, Information Security or Compliance required.
  • CEH/OSCP/CISSP preferred.
  • Additional relevant industry certification(s) preferred.

Company Profile

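深圳保诚科技有限公司: Prudential Asia Fintech R&D Center
InsurTech is an important branch of FinTech. With continued advances in technology, the insurance industry has gradually entered a new stage in which development is driven by technology.
Prudential Group has established an independent legal entity, the Prudential Asia Fintech R&D Center (registered name "深圳保诚科技有限公司"), as a wholly foreign-owned enterprise in Shenzhen, a core city of the Guangdong-Hong Kong-Macao Greater Bay Area, to build Prudential Group's regional technology ecosystem in Asia. The R&D center will be an important step in Prudential Group's long-term development strategy in mainland China, serving as the basis for building Prudential China's team and talent pool and thereby raising Prudential Group's brand awareness in mainland China.
The R&D center serves Prudential Group's Asia regional headquarters and its subsidiaries. Its key business areas include data analysis and processing, software development, and business cooperation.
The Prudential Asia Fintech R&D Center was established through direct investment by Prudential Corporation Holdings Limited, based in the United Kingdom.
With the establishment of the R&D center, Prudential will, depending on how the relevant policies are implemented, launch cross-border medical insurance for the Greater Bay Area at an appropriate time, have its Hong Kong branch set up an insurance after-sales service center in the Greater Bay Area, and explore the feasibility of establishing a wholly owned asset management company in Shenzhen. In the future, the fintech R&D center will create synergies with these projects in function and location, advancing Prudential Group's further development in the mainland market.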