珠海招聘

Major Responsibilities:

1. Lead and coordinate the activities of vulnerability and configuration scanning and mitigation. Coordinate and perform penetration testing activities to assess risk posture of company environment. 

进行漏洞和配置扫描，并执行渗透测试，以评估公司网络环境的风险状况。

2. Work closely with IT and Cyber peers to architect patching strategies for potential vulnerabilities ensuring information security policy and best practices are enforced globally

为潜在的漏洞设计补丁策略，以确实施信息安全策略。

3. Work with internal business units to drive enterprise-wide patching efforts for approved third party software, manage expectations and set service level agreements.

与内部业务部门合作，对第三方软件进行修补。

4. Work with internal business units to drive secure configurations in images used for desktops, servers, network devices, and wireless network devices.

与内部业务部门合作，以驱动台式机，服务器，网络设备和无线网络设备的安全配置。

5. Produce meaningful metrics and reports in accordance with  direction from the Senior Manager of Governance & Risk.据上级的指示，制定指标及形成报告 。

6. Coordinate with Cyber Architecture and Engineering in the  completion of a risk register.

与网络架构及其他相关部门完成风险登记。

7. Network and web application penetration testing (red team  exercise) based on knowledge of found vulnerabilities (white hat only).

基于发现的漏洞对网络和Web应用程序进行渗透测试。

Requirements:

1. Bachelor Degree and Major in Cyber Security Engineering; 3-4 years related work experiences, CISSP or GISP certification is a must.

本科或以上学历，网络安全工程专业优先考虑；3-4年网络安全相关工作经验，必须取得CISSP或GISP证书。

2. Ability to suggest solutions for cross domain solutions to include Microsoft, Linux, IBM, SCADA, and configuration vulnerabilities.

能够为Microsoft，Linux，IBM，SCADA和配置漏洞提出跨域的解决建议方案。

3. Ability to use automated tools and analysis to assess operating systems, applications, databases, servers, and network equipment for vulnerabilities and secure configurations.

能够使用自动化工具和分析来评估操作系统，应用程序，数据库，服务器和网络设备的漏洞和安全配置。

4. Knowledge of and familiarity with identity and authentication management and their architectures.

了解身份认证管理系统及其架构。

5. Experienced in verification of cyber risk mitigation.

具有验证减轻网络风险的经验。

6. Working knowledge of vulnerabilities and configuration settings and their exploitation in order to gain access to networks, applications, hosts, and desktop.

掌握漏洞和配置的相关知识，以便获得对网络，应用程序，主机和桌面的访问。

7. Knowledge and ability to scan and suggest remediation for wireless architectures.

具备扫描和建议修复无线架构的知识和能力。

8. Ability to perform threat/vulnerability research, and perform source code scans.

能够执行漏洞研究以及执行源代码扫描。

9. Fluently in English and Cantonese, excellent writing and speaking skills. 

英语及粤语流利，良好的书写及沟通技巧。

微信分享