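【Job Responsibilities】
1. Investigate and analyze security alerts, looking for potential vulnerabilities or signs of intrusion.
2. Perform log-based threat hunting and develop custom detection rules to identify security incidents.
3. Develop and maintain security dashboards and reports.
4. Maintain the SIEM platform and its data quality.
5. Work with other teams and studios to investigate and respond to security incidents and potential intrusions.
6. Develop SOAR playbooks to automate security response.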
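【Job Requirements】
1. Knowledge of and hands-on experience with SIEM; familiarity with the ELK (ElasticSearch, Logstash, Kibana) components is preferred.
2. Proficiency with common query languages and programming tools, such as SQL, KQL, ES|QL, Python, and Golang.
3. Familiarity with common open-source or commercial SOAR tools and products, with experience developing playbooks.
4. Understanding of network protocols and architecture; familiarity with network security products and tools such as IPS/IDS, firewalls, and VPNs.
5. Strong analytical skills, with the ability to analyze and correlate large volumes of event logs from different sources.
6. Experience in incident response and security investigations, as well as in writing high-level incident reports.
7. Good collaboration and communication skills for working with cross-functional teams.
8. Familiarity and hands-on experience with mainstream IaaS cloud services such as AWS, GCP, Tencent Cloud, and Azure is preferred.
9. Experience with game console development kit security is preferred.
10. Experience leading security and compliance projects is preferred, especially those related to game development/publishing.
11. Information security certifications such as CISSP, CISA, CISM, or CEH are a plus.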
Tencent is a world-leading internet and technology company that develops innovative products and services to improve the quality of life of people around the world.
Founded in 1998 with its headquarters in Shenzhen, China, Tencent's guiding principle is to use technology for good. Our communication and social services connect more than one billion people around the world, helping them to keep in touch with friends and family, access transportation, pay for daily necessities, and even be entertained.
Tencent also publishes some of the world's most popular video games and other high-quality digital content, enriching interactive entertainment experiences for people around the globe.
Tencent also offers a range of services such as cloud computing, advertising, FinTech, and other enterprise services to support our clients' digital transformation and business growth.
Tencent has been listed on the Stock Exchange of Hong Kong since 2004.