We are looking for passionate technology and cybersecurity professionals with SDLC and vulnerability management experience to join the Information Security team.
Job Responsibilities:
Secure Software Development:
Provide guidance and support to development teams on secure coding practices.
Collaborate with developers, testers, and product managers.
Application Security Assessment:
Conduct regular security assessments and penetration testing of applications to identify vulnerabilities and potential risks.
Perform code reviews and security audits to identify security flaws and provide recommendations for remediation.
Prepare and deliver clear and concise reports detailing assessment findings, risks, and recommended remediation strategies to technical and non-technical stakeholders.
Vulnerability Management:
Monitor and assess the latest security vulnerabilities and promote their remediation.
Develop and implement processes for vulnerability detection, remediation, and tracking.
Work closely with cross-functional teams to enhance the overall security posture of our fintech products and services.
Research and Innovation:
Stay updated with the latest security trends, vulnerabilities, and
Evaluate and recommend new security technologies and solutions to enhance application security posture.
Security Controls Implementation:
Design, develop and maintain a set of scripting tools (Python, Bash) for monitoring purposes.
Participate in threat modelling and security architecture reviews to proactively identify potential security weaknesses.
Job Requirements:
Qualified candidates are expected to:
Chinese language skills are required.
Experience in application security, penetration testing, SDLC and security assessment.
Deep understanding of web application security and API security.
Good communication skills, both written and verbal, with the ability to explain complex security concepts to technical and non-technical stakeholders.
Programming/scripting skills (e.g., Python, Ruby, Bash) for developing custom security tools and scripts.
Responsible for building and managing the team.
Other additional/desirable qualifications:
CEH, CompTIA Security+, OSCP, CPT, CASE certifications are desirable.
Knowledge of Cloud platforms such as AliCloud, AWS is desirable.
Familiarity with fintech technologies, payment systems, and financial industry regulations (e.g., PCI DSS, GDPR, etc.) is desirable.
Familiarity with mobile application security is desirable.