✅ Security Expert (SDLC track)

Key Job Responsibilities

  • Take part in implementing the secure Software Development Life Cycle (SDLC); participate in security solution reviews, security design and technical assessment for business lines

  • Help improve and systematize the secure development process, and define the related security standards and requirements

  • Produce security solutions and security test reports; provide remediation plans for the vulnerabilities found and follow them through to deployment

  • Assess the risk points of mainstream application frameworks and develop security solutions to support each business line

Key Job Requirements

  • Bachelor's degree or above, with 5+ years of relevant work experience

  • Familiar with common web security vulnerabilities, with a deep understanding of their root causes, exploitation, remediation and hardening

  • Familiar with rolling out SDLC processes and security programs on the enterprise (first-party) side; SDLC experience at an internet company; has independently owned the rollout for a large business line

  • Proficient in black-box testing methods and paths; able to complete source code audits independently; familiar with, and has applied, security design checklists

  • Familiar with at least one of Java, Python, PHP, Go or C; able to read design documents and the related code fluently

  • Understands common business logic vulnerabilities such as authentication flaws, broken access control and tampering; able to discover business logic vulnerabilities independently

  • Extensive experience in vulnerability discovery, code auditing and security solutions

Bonus Points

  • Holds CVEs in well-known open-source or widely used software; experience finding vulnerabilities at the framework level

  • Has taken part in developing large open-source projects; familiar with team development workflows and tools

  • Fluent English communication skills; able to work with international teams

✅ Expert Security Engineer - Secure Software Development Life Cycle (S-SDLC)

Key Job Responsibilities

  • Participate in the implementation of secure Software Development Life Cycle (SDLC), and be responsible for the security solution reviews, security design and technical assessment for business departments

  • Improve the secure SDLC, build the standard system, and formulate relevant security standards and requirements

  • Produce security solutions and security test reports, provide advice in patching vulnerabilities and follow up with the risk mitigation

  • Evaluate the risk points of mainstream application frameworks and develop security solutions to provide security support for each business line

Key Job Requirements

  • Bachelor's degree in Computer Science, Engineering or related fields

  • More than 5 years of relevant work experience

  • Familiar with OWASP TOP 10 vulnerabilities, and have a deep understanding of the principle, utilisation, patching, and reinforcement of various vulnerabilities

  • Familiar with implementing an enterprise's SDLC process, with experience building a secure SDLC at IT companies; has been in charge of the secure SDLC for a large dev team

  • Familiar with black-box testing methods and paths, able to independently complete source code auditing work, with hands-on experience applying security design checklists

  • Familiar with at least one programming language such as Java, Python, PHP, Go, C, etc., and proficient in reading design documents and related codes

  • Understanding of common business logic vulnerabilities such as authentication flaws, broken access control and tampering; experience independently discovering business logic vulnerabilities would be a bonus

  • Extensive experience in vulnerability discovery, code auditing and security solutions. Experience in vulnerability discovery at the framework level is preferred

Bonus Points

  • Having been credited with high-risk CVEs in well-known projects

  • Having contributed to the development of open-source projects, with experience in collaborative team development and familiarity with development tools

  • Fluent English communication skills for effective collaboration with multinational teams

Interested candidates can contact me through the official account's message backend, or send a résumé directly to my email: [email protected]
