AddressImprove business and family comfort, protection and productivity
The people in this position shall be based in Shanghai, China, will assure the security quality of HBT products through black box and white box security testing, reverse engineering, penetration test and so forth.The people in this position is the primary focal point for all Cyber Security matters related to the products of HBT in addition to product security compliance and external security certifications.
Responsibilities:
Coach junior Cybersecurity Analyst to improve their capabilities
Effectively coordinate with stakeholders to conduct penetration analysis
Review documents of security requirements, threat modeling, security risks and controls, source code and etc.
Generate security testing strategy, plan and test cases
Perform white box, black box, fuzzing, and penetration test and record security issues in JIRA system
Design and implement automation security testing framework
Interact with engineering team, Security Architect, project manager and other stakeholders for security testing related affairs
Improve security testing methodologies and productivity
Self-drive to follow up with latest security attacks and countermeasuresRequired:
Bachelor's degree in Computer Science, Electrical Engineering or similar discipline with an emphasis on electronic system security or Cyber Security
5 - 8 years’ experience in cyber or software penetration test
Knowledge of Open Source ethical hacking tools (Kali Linux)
Knowledge of OWASP Top 10, SANS Top 25 and associated security controls
Ability to handle penetration test (Manual and Automated), pinpoint security issues and suggest countermeasures
Intimate knowledge and hands-on experience using various penetration test tools like Nessus, Web Inspect, Nmap, BurpSuite, OWASP ZAP, Metasploit and so on
Excellent communications skills
Familiarity with software development lifecycle
Familiarity with one programming language at least
Fluent spoken English
Preferred:
Master's degree in Computer Science, Electrical Engineering or similar discipline with an emphasis on electronic system security
Automated white box fuzzing testing using SPIKE, PEACH and/or other COTS Tools
Expertise on Mobile APP & platform penetration test experience (Android, IOS, Windows, Linux and etc.)
CEH certification
Desirable Skills and Experience
Experience with security standards for industrial control systems such as ISA/IEC-62443
Knowledge and experience with key management using Trusted Platform Modules and Secure Elements
Knowledge and experience with cryptographic algorithms including DES, RSA, ECC, AES and so on
Knowledge and practice utilizing role-based access control and PKI certificates to authenticate end points, system processes, and users
Up to date knowledge of exploit techniques and hacker methodologies
Additional Information
- JOB ID: req434157
- Category: Engineering
- Location: 430 Li Bing Rd,Zhangjiang Hi-Tech Park,Pudong,SH,Shanghai,SHANGHAI,201203,China
- Exempt
