Job Description
Security Planning and System Design:
Develop and implement the company's overall information security strategy and management system.
Design and execute security management processes to safeguard the company's systems, data, and networks.

Security Assessments and Risk Management:
Conduct security assessments on internal systems, networks, and servers.
Work closely with relevant teams to implement security solutions, track progress, and promote effective execution.

Penetration Testing and Intrusion Detection:
Lead penetration testing efforts to identify weaknesses and vulnerabilities within the company's infrastructure.
Conduct system intrusion detection, alarm generation, trace analysis, and implement measures to prevent further risks.

Security Vulnerability Monitoring:
Continuously monitor and track emerging security vulnerabilities, including web application attacks such as SQL injection, XSS, etc.
Develop strategies to mitigate these vulnerabilities and avoid security risks associated with the company's systems.

Team Development and Knowledge Management:
Guide and train team members to improve their technical expertise and maintain a high level of security knowledge.
Ensure that the team's documentation and security protocols are continuously updated and well-documented.

Requirements
At least 3 years of hands-on experience in system security or related fields, with expertise in security risk assessment and mitigation.
Degree in System Security, Computer Science, Information Technology, or related fields.
Strong understanding of Linux and Windows operating systems and related security policies and procedures.
Familiarity with web application servers and security protocols.
Proficiency in using mainstream security tools and technologies such as IDS/IPS, firewalls, and other monitoring systems.
Hands-on experience in formulating security policies, handling incidents, and responding to security breaches.
Experience with system penetration testing, web application security, and vulnerability discovery.
Deep understanding of web security issues, including common vulnerabilities like SQL injection, Cross-Site Scripting (XSS), etc.
Ability to perform risk assessments, vulnerability analysis, and threat mitigation.
Proficient in Chinese and English (both written and spoken) for clear communication of security issues and risk reports.