JobTitle: Cyber Intelligence & Prevention Manager 网络情报与预防经理 Department: Information and Intellectual PropertySecurity (IIPS) Location: Shanghai This is a technical position to establishand implement corporate efforts to safeguard and monitor APP’s information andintellectual property assets, and coordinating alignment with the BusinessResilience and Asset Protection function. It will be particularly important forthe IIPS department to ensure alignment among the technology groups andbusiness leadership teams regarding threats, risk levels, data and technologysecurity. JobDescription: • This position will act like aninternal blue team in cyber combat, mainly focus on risk aspect of APPinformation infrastructure. You will be tasked to assess, review, and identifythe loopholes from the current infrastructure and processes so that enhancementcan be made. • Conduct regular and ad-hoc riskassessment to company systems, applications or factory sites. • Perform regular vulnerabilityassessment and follow through vulnerability life cycle to make sure the risk iswell managed. • Work with BG and other functionteams to assess their security requirements and needs. • Identify security issues andrisks, and develop mitigation plans for company applications and systems • Research and collect cybersecurity intelligence and assess potential impact to the company. • Coordinate penetration testingfor critical infrastructure and information. • Third Party Connection risk duediligence. Qualificationsand Capabilities 1. B.S. orM.S. Computer Science or related field, or equivalent experience 2. 8+ yearsof relevant work experience, in the areas of risk assessment, penetrationtesting, web application development and testing etc. 3. Familiar withserver/application/product security check methodologies like OWASP Top 10.Knowledge in code auditing is preferred. 4. Experience insystem/application/database hardening and penetration testing methods. 5. Strong knowledge invulnerability lifecycle in Windows/Linux OS, database, SAP, Web, mobile devicesetc. Able to analyze Rootkit/Trojan/Virus and provide mitigation solutions. 6. Experience in webapplication development tools like .net, Java, PHP etc. Understanding of SDL. 7. Experience in IoT, Mobile,Cloud security is strongly desired. 8. Familiar with controlframeworks such as ISO 27001/2, 9. Certified Information SystemsSecurity Professional (CISSP) is strongly desired. 10. Englishfluently, Chinese as first or second language. 30-60/年
欢迎招聘咨询顾问、IT精英人才等请加微信:gogoat 或加全国IT求职招聘群:146999050
不想错过高端求职信息?关注我们的微信吧!微信公众号:ITILXF ()
圈子决定你的未来,关注IT高端精英圈,人脉+知识+资讯,尽在你掌握!
|