Job Description
Team Introduction:
The system risk control and audit team mainly focuses on company system security, penetration testing, vulnerability mining, and network security planning.
Responsible for system security audits, business process risk control/audit, etc.
Team Planing:
- System security risk control: 1-2 (person)
- Risk control audit: 3-4 (people)
Position 1: System Security Risk Control Engineer-Senior
Position details:
- Responsible for the company's overall information security planning, establishment of security management system processes, system design, and implementation.
- Conduct security assessments on systems, networks, and servers, assisting/tracking the corresponding teams to implement solutions and promoting execution.
- Track security vulnerabilities and patch information in the industry, assess risks, submit risk reports, and avoiding risks related to security facilities.
- Responsible for penetration testing and system intrusion detection, alarms, trace analysis, and avoidance.
- Responsible for team personnel preparation, guidance, training, and improving the team’s knowledge base.
Position 2: Risk Control Audit Strategy Engineer-Senior
Position details:
- Establish and implement a comprehensive company internal supervision and review process, formulate a thorough regular inspection plan, and provide planning and constructive suggestions.
- Communicate with other departments within the company and improving internal work processes, formulate regular audit plans and implement them.
- Responsible for organizing and analyzing the data of each business segment within the company, being good at discovering problems from the data, provide risk assessments and reports, achieving timely warnings and reminders of risks, and promote the resolution of the risks.
Skills
Position 1: System Security Risk Control Engineer-Senior
Requirements:
- Degree in System Security, Computer Applications, or related major, with more than 3 years of system security experience.
- Familiar with Linux, Windows operating systems, WEB application servers, and other related security policies and procedures.
- Familiar with mainstream security tools and technologies, IDS/IPS, etc., and have practical experience in policy formulation and incident handling.
- Proficiency with web security attack and defense, system penetration testing.
- Have a strong interest in vulnerability discovery and be familiar with common web vulnerabilities, such as SQL injection, XSS, etc.
- Have strong language skills in Chinese/English
Position 2: Risk Control Audit Strategy Engineer-Senior
Requirements:
- More than 3 years of experience in risk control, auditing, system construction, and documentation within large-scale businesses or internet companies.
- Familiar with the online operation systems and understanding of production environment processes.
- Strong logical thinking, communication, and teamwork skills.
- Strong data analysis skills and awareness of risk control; proficiency in SQL and related skills is a plus.
- Proficient in using various office software
- Be proactive, with a good work attitude, the ability to self-learn, and have strong ability to handle pressure.
- Have strong language skills in Chinese/English
