1. Lead the security architecture design and review of the company's core business, cloud-native (microservices, K8s, Service Mesh), and data platforms to ensure built-in security.
2. Responsible for tracking and analyzing new vulnerabilities in the industry and driving their implementation.
3. Responsible for data and behavior analysis related to security confrontation in order to anticipate risks. Lead emergency response for major security incidents, including establishing the emergency response process, drills, handling, and post-mortem summaries.
4. Build automation tools and security platforms by writing code (Python/Go/Java) to productize and service security capabilities (e.g., vulnerability scanning, baseline checks, certificate management), empowering development and operations teams.
5. Responsible for the architectural design of the DevSecOps toolchain and agile implementation of security functions in the DevOps process.
6. Responsible for the implementation of SDL (Security Development Lifecycle), clarifying security control processes for software development projects, and providing authoritative security coding consultation, training, and code auditing for R&D teams.
1. 8+ years of work experience in the information security field, including at least 5 years in senior security technical roles at internet companies or cloud service providers.
2. Proficient in at least one programming language (Python/Go/Java), with development and automation capabilities, able to write tools or scripts.
3. Familiar with common security risks in cloud-native, Kubernetes, and Service Mesh environments, with related hardening experience; capable of independently carrying out cloud platform security governance work.
4. Familiar with DAST principles, product design, and implementation solutions, with an understanding of the principles and operation of SAST and IAST tools.
5. Proficient in network, operating systems (Linux), containers (Docker/K8s), and security attack and defense technologies.
6. Possess excellent threat modeling and risk assessment capabilities.
7. CISSP, CISA certifications preferred.